| | | | | | | |
|
| | Nom du journal | Type d'événement | Catégorie | Généré le | Utilisateur | Source | Description
|
| | Application | Erreur | 100 | 2016-03-04 03:30:49 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x65a1cce9 Faulting process id: 0x2380 Faulting application start time: 0x01d1759330f7926f Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 1af32563-e1b1-11e5-a49d-448a5b846af8
|
| | Application | Avertissement | Aucun(e) | 2016-03-04 03:30:56 | SYSTEM | Microsoft-Windows-User Profiles Service | 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3861489235-3654277816-3990546563-1000: Process 2560 (\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Logitech\Logitech Gaming Software\Audio Devices
|
| | Application | Avertissement | Aucun(e) | 2016-03-04 08:33:22 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Avertissement | Aucun(e) | 2016-03-04 08:35:22 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | Aucun(e) | 2016-03-04 08:43:52 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | Aucun(e) | 2016-03-04 08:51:07 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | 100 | 2016-03-04 15:10:08 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x57b0cce9 Faulting process id: 0x1834 Faulting application start time: 0x01d175f67ac16ce9 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: cc774d7b-e212-11e5-b4a3-448a5b846af8
|
| | Application | Avertissement | Aucun(e) | 2016-03-04 15:10:30 | SYSTEM | Microsoft-Windows-User Profiles Service | 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3861489235-3654277816-3990546563-1000: Process 2568 (\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Logitech\Logitech Gaming Software\Audio Devices
|
| | Application | Avertissement | Aucun(e) | 2016-03-05 10:56:24 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Erreur | 100 | 2016-03-05 10:56:28 | | Application Error | 1000: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Exception code: 0xc0000005 Fault offset: 0x0000aed0 Faulting process id: 0xa48 Faulting application start time: 0x01d176c54864fe1c Faulting application path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Faulting module path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Report Id: 873b14fe-e2b8-11e5-8bd2-448a5b846af8
|
| | Application | Avertissement | Aucun(e) | 2016-03-05 10:58:24 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | 100 | 2016-03-05 13:54:35 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x52e8cce9 Faulting process id: 0x1874 Faulting application start time: 0x01d176c8d2c0b4f8 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 690dc43c-e2d1-11e5-8bd2-d8fc93a1b0cf
|
| | Application | Erreur | Aucun(e) | 2016-03-05 15:19:35 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | 100 | 2016-03-05 18:05:13 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x5b60cce9 Faulting process id: 0x5dc Faulting application start time: 0x01d176f3d97ed1e3 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 6c662ce0-e2f4-11e5-8bd2-d8fc93a1b0cf
|
| | Application | Avertissement | Aucun(e) | 2016-03-05 18:27:43 | SYSTEM | Microsoft-Windows-User Profiles Service | 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3861489235-3654277816-3990546563-1000: Process 2556 (\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Logitech\Logitech Gaming Software\Audio Devices
|
| | Application | Avertissement | Aucun(e) | 2016-03-06 00:01:10 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Avertissement | Aucun(e) | 2016-03-06 00:02:09 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | 100 | 2016-03-06 02:13:27 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x573bcce9 Faulting process id: 0x1af0 Faulting application start time: 0x01d1773ab3374165 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: a0f99a20-e338-11e5-adf8-d8fc93a1b0cf
|
| | Application | Avertissement | Aucun(e) | 2016-03-06 02:28:05 | SYSTEM | Microsoft-Windows-User Profiles Service | 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3861489235-3654277816-3990546563-1000: Process 2560 (\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Logitech\Logitech Gaming Software\Audio Devices
|
| | Application | Avertissement | Aucun(e) | 2016-03-06 10:20:14 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Avertissement | Aucun(e) | 2016-03-06 10:20:24 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | Aucun(e) | 2016-03-06 12:42:40 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | Aucun(e) | 2016-03-06 13:01:32 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | Aucun(e) | 2016-03-06 14:32:27 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | Aucun(e) | 2016-03-06 17:13:25 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | 100 | 2016-03-06 23:20:07 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 9.0.0.222, time stamp: 0x5564249c Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x65eccce9 Faulting process id: 0x1c24 Faulting application start time: 0x01d177d15e6bcef1 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 94799b8e-e3e9-11e5-83fd-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-06 23:20:13 | | Application Error | 1000: Faulting application name: AfterFX.exe, version: 13.5.0.347, time stamp: 0x55642425 Faulting module name: nvoglv64.DLL, version: 10.18.13.6191, time stamp: 0x56b96e4b Exception code: 0xc0000005 Fault offset: 0x00000000009e3ec0 Faulting process id: 0x2130 Faulting application start time: 0x01d177d160ec8fc2 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\AfterFX.exe Faulting module path: C:\Windows\system32\nvoglv64.DLL Report Id: 981fa6cb-e3e9-11e5-83fd-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-06 23:34:33 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x5357cce9 Faulting process id: 0xc8c Faulting application start time: 0x01d177a1cdc8fbb7 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 989d7e67-e3eb-11e5-83fd-d8fc93a1b0cf
|
| | Application | Erreur | Aucun(e) | 2016-03-07 02:18:40 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | Aucun(e) | 2016-03-07 03:54:57 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | 100 | 2016-03-07 08:36:06 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 9.0.0.222, time stamp: 0x5564249c Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x65cdcce9 Faulting process id: 0x2264 Faulting application start time: 0x01d1780577e71511 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 3ff3014b-e437-11e5-83fd-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-07 08:36:11 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x5317cce9 Faulting process id: 0x20fc Faulting application start time: 0x01d178043d9de79b Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 42e33422-e437-11e5-83fd-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-07 11:13:48 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 9.0.0.222, time stamp: 0x5564249c Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x543dcce9 Faulting process id: 0xbc4 Faulting application start time: 0x01d1784a9d3a98aa Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 47bea997-e44d-11e5-83fd-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-07 12:24:56 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 9.0.0.222, time stamp: 0x5564249c Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x50b7cce9 Faulting process id: 0x9e0 Faulting application start time: 0x01d1785d701a676b Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 37ad2b79-e457-11e5-83fd-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-07 12:25:53 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x5e53cce9 Faulting process id: 0x1734 Faulting application start time: 0x01d1784a961803cb Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 598e4dc8-e457-11e5-83fd-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-07 14:02:27 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x5d0acce9 Faulting process id: 0x1830 Faulting application start time: 0x01d178665b45628f Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: d725a0f0-e464-11e5-83fd-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-07 15:50:11 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 9.0.0.222, time stamp: 0x5564249c Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x54efcce9 Faulting process id: 0x105c Faulting application start time: 0x01d1787a520c8547 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: e3fb8a62-e473-11e5-83fd-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-07 15:50:16 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x5d7ecce9 Faulting process id: 0x252c Faulting application start time: 0x01d1787a3a4dae85 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: e7327e7f-e473-11e5-83fd-d8fc93a1b0cf
|
| | Application | Avertissement | Aucun(e) | 2016-03-07 15:50:31 | SYSTEM | Microsoft-Windows-User Profiles Service | 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-3861489235-3654277816-3990546563-1000: Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000 Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000 Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000 Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000 Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\Disallowed Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\Root Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Policies\Microsoft\SystemCertificates Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Policies\Microsoft\SystemCertificates Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Policies\Microsoft\SystemCertificates Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Policies\Microsoft\SystemCertificates Process 2508 (\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Logitech\Logitech Gaming Software\Audio Devices Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\trust Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\My Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\CA Process 352 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\TrustedPeople
|
| | Application | Avertissement | Aucun(e) | 2016-03-07 22:35:38 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Avertissement | Aucun(e) | 2016-03-07 22:37:38 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | 1 | 2016-03-07 22:37:45 | | Windows Search Service | 9002: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
|
| | Application | Erreur | 3 | 2016-03-07 22:37:45 | | ESENT | 455: Windows (5268) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000DC.log.
|
| | Application | Erreur | 3 | 2016-03-07 22:37:45 | | Windows Search Service | 9000: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
|
| | Application | Erreur | 3 | 2016-03-07 22:37:45 | | Windows Search Service | 7040: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-07 22:37:45 | | Windows Search Service | 7042: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-07 22:37:45 | | Windows Search Service | 3029: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-07 22:37:45 | | Windows Search Service | 3029: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490)
|
| | Application | Erreur | 3 | 2016-03-07 22:37:45 | | Windows Search Service | 3028: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-07 22:37:45 | | Windows Search Service | 3058: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-07 22:37:45 | | Windows Search Service | 7010: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Avertissement | 1 | 2016-03-07 22:37:45 | | Windows Search Service | 1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}.
|
| | Application | Avertissement | Aucun(e) | 2016-03-08 02:01:04 | SYSTEM | Microsoft-Windows-User Profiles Service | 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3861489235-3654277816-3990546563-1000: Process 2544 (\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Logitech\Logitech Gaming Software\Audio Devices
|
| | Application | Avertissement | Aucun(e) | 2016-03-08 09:05:10 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Erreur | 100 | 2016-03-08 09:05:16 | | Application Error | 1000: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Exception code: 0xc0000005 Fault offset: 0x0000aed0 Faulting process id: 0xa28 Faulting application start time: 0x01d179113daa8ffd Faulting application path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Faulting module path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Report Id: 7d867e3e-e504-11e5-8d19-d8fc93a1b0cf
|
| | Application | Avertissement | Aucun(e) | 2016-03-08 09:05:22 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | Aucun(e) | 2016-03-08 09:13:37 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | 100 | 2016-03-08 09:27:14 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x5b31cce9 Faulting process id: 0x1640 Faulting application start time: 0x01d17913d4c9c6d4 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 8f1ae21d-e507-11e5-8d19-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-08 09:28:17 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x5aa2cce9 Faulting process id: 0x1548 Faulting application start time: 0x01d17914530f0f1d Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: b50efc7f-e507-11e5-8d19-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-08 15:07:41 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x58d8cce9 Faulting process id: 0xe50 Faulting application start time: 0x01d179147839160b Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 1e8f69c1-e537-11e5-8d19-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-08 19:34:35 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x65a1cce9 Faulting process id: 0x2340 Faulting application start time: 0x01d17943e32a2fb2 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 67a4f859-e55c-11e5-8d19-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-08 20:04:14 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x6642cce9 Faulting process id: 0x248c Faulting application start time: 0x01d179692a055651 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 8c003219-e560-11e5-8d19-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-09 00:54:23 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x55a9cce9 Faulting process id: 0x1b78 Faulting application start time: 0x01d17989a4ff341b Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 14fa0d2f-e589-11e5-8d19-d8fc93a1b0cf
|
| | Application | Avertissement | Aucun(e) | 2016-03-09 04:01:25 | SYSTEM | Microsoft-Windows-User Profiles Service | 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3861489235-3654277816-3990546563-1000: Process 2888 (\Device\HarddiskVolume3\Windows\System32\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 2524 (\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Logitech\Logitech Gaming Software\Audio Devices
|
| | Application | Avertissement | Aucun(e) | 2016-03-09 09:34:51 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Erreur | 100 | 2016-03-09 09:34:57 | | Application Error | 1000: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Exception code: 0xc0000005 Fault offset: 0x0000aed0 Faulting process id: 0xa40 Faulting application start time: 0x01d179de8da81b3e Faulting application path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Faulting module path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Report Id: cd6c3bbc-e5d1-11e5-83f4-448a5b846af8
|
| | Application | Avertissement | Aucun(e) | 2016-03-09 09:35:07 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Avertissement | Aucun(e) | 2016-03-09 09:58:56 | SYSTEM | Microsoft-Windows-User Profiles Service | 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3861489235-3654277816-3990546563-1000: Process 2544 (\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Logitech\Logitech Gaming Software\Audio Devices
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 08:58:25 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 09:00:25 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | Aucun(e) | 2016-03-10 10:45:52 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | Aucun(e) | 2016-03-10 10:47:56 | | Software Protection Platform Service | 8200: License acquisition failure details. hr=0xC004C533
|
| | Application | Erreur | Aucun(e) | 2016-03-10 10:47:56 | | Software Protection Platform Service | 8208: Acquisition of genuine ticket failed (hr=0xC004C533) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f
|
| | Application | Erreur | Aucun(e) | 2016-03-10 12:50:33 | | SideBySide | 80: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
|
| | Application | Erreur | 100 | 2016-03-10 15:11:34 | | Application Error | 1000: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0x18dc Faulting application start time: 0x01d17aa34a7b33f5 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: fe33d3fc-e6c9-11e5-a114-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:11:42 | | Application Error | 1000: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0x11f4 Faulting application start time: 0x01d17ad6c4438c24 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: 02e6bf49-e6ca-11e5-a114-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:11:54 | | Application Error | 1000: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0x1044 Faulting application start time: 0x01d17ad6cbf91459 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: 0a68b39d-e6ca-11e5-a114-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:16:26 | | Application Error | 1000: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0x4a34 Faulting application start time: 0x01d17ad757b26bd2 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: ac3c525f-e6ca-11e5-a114-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:18:09 | | Application Error | 1000: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417 Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e Exception code: 0x80000003 Fault offset: 0x0000ed3b Faulting process id: 0x4f20 Faulting application start time: 0x01d17ad7819af954 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: ea08f417-e6ca-11e5-a114-d8fc93a1b0cf
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:20:04 | | WdMan | 102:
|
| | Application | Erreur | 100 | 2016-03-10 15:20:26 | | Application Error | 1000: Faulting application name: Adobe QT32 Server.exe, version: 13.5.0.347, time stamp: 0x556419aa Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef Exception code: 0xc0000005 Fault offset: 0x66b7cce9 Faulting process id: 0x1a24 Faulting application start time: 0x01d17ab749656dbb Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\Adobe QT32 Server.exe Faulting module path: QuickTime.qts Report Id: 3b482327-e6cb-11e5-a114-d8fc93a1b0cf
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V0100189.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:37 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:38 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:38 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:20:41 | | ESENT | 455: DllHost (12516) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alienware\AppData\Local\Microsoft\Windows\WebCache\V01.log.
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 15:21:23 | SYSTEM | Microsoft-Windows-User Profiles Service | 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-3861489235-3654277816-3990546563-1000: Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000 Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000 Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000 Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000 Process 652 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000 Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\Disallowed Process 652 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\Root Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\Root Process 652 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Policies\Microsoft\SystemCertificates Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Policies\Microsoft\SystemCertificates Process 652 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Policies\Microsoft\SystemCertificates Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Policies\Microsoft\SystemCertificates Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Policies\Microsoft\SystemCertificates Process 652 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\trust Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\trust Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\My Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\CA Process 416 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Microsoft\SystemCertificates\TrustedPeople
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 15:25:26 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:25:28 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 15:25:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:25:53 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:26:03 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:26:13 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:26:24 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:26:28 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 15:26:29 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0xadc Faulting application start time: 0x01d17ad8b1f8cc60 Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: 13a888c5-e6cc-11e5-9856-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:26:29 | | Application Error | 1000: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Exception code: 0xc0000005 Fault offset: 0x0000aed0 Faulting process id: 0xa54 Faulting application start time: 0x01d17ad8b1f4099f Faulting application path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Faulting module path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Report Id: 13aface6-e6cc-11e5-9856-d8fc93a1b0cf
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 15:26:31 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | 100 | 2016-03-10 15:26:34 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:26:44 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:26:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:27:05 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:27:15 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:27:25 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:27:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:27:46 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:27:56 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:28:07 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:28:17 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:28:27 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:28:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:28:48 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:28:58 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:29:08 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:29:19 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:29:29 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:29:39 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:29:50 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:30:00 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:30:10 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:30:21 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:30:28 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 15:30:31 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:30:41 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:30:51 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:31:02 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:31:12 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:31:22 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:31:28 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 15:31:28 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0x1008 Faulting application start time: 0x01d17ad964c147da Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: c637e339-e6cc-11e5-9856-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:31:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:31:43 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:31:53 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:32:03 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:32:14 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:32:24 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:32:34 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:32:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:32:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:33:05 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:33:16 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:33:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:33:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:33:47 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:33:57 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:34:07 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:34:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:34:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:34:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 1 | 2016-03-10 15:34:46 | | Windows Search Service | 9002: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
|
| | Application | Erreur | 3 | 2016-03-10 15:34:46 | | ESENT | 455: Windows (4744) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00047.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:34:46 | | Windows Search Service | 9000: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
|
| | Application | Erreur | 3 | 2016-03-10 15:34:46 | | Windows Search Service | 7040: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-10 15:34:46 | | Windows Search Service | 7042: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-10 15:34:46 | | Windows Search Service | 3029: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-10 15:34:46 | | Windows Search Service | 3029: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490)
|
| | Application | Erreur | 3 | 2016-03-10 15:34:46 | | Windows Search Service | 3028: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-10 15:34:46 | | Windows Search Service | 3058: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-10 15:34:46 | | Windows Search Service | 7010: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 100 | 2016-03-10 15:34:48 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 15:35:33 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:35:35 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 15:35:39 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:36:00 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:36:10 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:36:20 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:36:30 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:36:35 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 15:36:36 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0xac8 Faulting application start time: 0x01d17ada1ba9155d Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: 7d5ff5e3-e6cd-11e5-ac6b-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:36:36 | | Application Error | 1000: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Exception code: 0xc0000005 Fault offset: 0x0000aed0 Faulting process id: 0xa44 Faulting application start time: 0x01d17ada1ba4529c Faulting application path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Faulting module path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Report Id: 7d6bdcc4-e6cd-11e5-ac6b-d8fc93a1b0cf
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 15:36:37 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | 100 | 2016-03-10 15:36:41 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Avertissement | 1 | 2016-03-10 15:36:44 | | Windows Search Service | 1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}.
|
| | Application | Erreur | 100 | 2016-03-10 15:36:51 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:37:01 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:37:12 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:37:22 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:37:32 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:37:43 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:37:53 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:38:03 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 101 | 2016-03-10 15:38:04 | | Application Hang | 1002: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1454 Start Time: 01d17ada6bddcdc1 Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE Report Id: b0c18477-e6cd-11e5-ac6b-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:38:13 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:38:24 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:38:34 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:38:44 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:38:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:39:05 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:39:15 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:39:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:39:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:39:46 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:39:56 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:40:07 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:40:17 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:40:27 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:40:35 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 15:40:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:40:48 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:40:58 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:41:08 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:41:19 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:41:29 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:41:35 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 15:41:36 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0x16a8 Faulting application start time: 0x01d17adace711239 Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: 30403d8d-e6ce-11e5-ac6b-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:41:39 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:41:50 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:42:00 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:42:10 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:42:20 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:42:31 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:42:41 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:42:51 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:43:02 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:43:12 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:43:22 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:43:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:43:43 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:43:53 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:44:03 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:44:14 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:44:24 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:44:34 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:44:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:44:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:45:05 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:45:16 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:45:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:45:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:45:46 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:45:57 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:46:07 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:46:17 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:46:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:46:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:46:48 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:46:58 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 101 | 2016-03-10 15:47:07 | | Application Hang | 1002: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ea0 Start Time: 01d17adbb2b43b8e Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE Report Id: f4aa20ce-e6ce-11e5-ac6b-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:47:09 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:47:19 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:47:29 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:47:40 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:47:50 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:48:00 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:48:10 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:48:21 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:48:31 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:48:41 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:48:52 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:49:02 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:49:12 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:49:23 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:49:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:49:43 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:49:53 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:50:04 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:50:14 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:50:24 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:50:35 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:50:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:50:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:51:06 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:51:16 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:51:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:51:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:51:47 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:51:57 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:52:07 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:52:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:52:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:52:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:52:49 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:52:59 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:53:09 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:53:19 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:53:30 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:53:40 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:53:50 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:54:01 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:54:11 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:54:21 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:54:32 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 1 | 2016-03-10 15:54:35 | | Windows Search Service | 9002: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
|
| | Application | Erreur | 3 | 2016-03-10 15:54:35 | | ESENT | 455: Windows (6544) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00044.log.
|
| | Application | Erreur | 3 | 2016-03-10 15:54:35 | | Windows Search Service | 9000: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
|
| | Application | Erreur | 3 | 2016-03-10 15:54:35 | | Windows Search Service | 7040: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-10 15:54:35 | | Windows Search Service | 7042: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-10 15:54:35 | | Windows Search Service | 3029: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-10 15:54:35 | | Windows Search Service | 3029: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490)
|
| | Application | Erreur | 3 | 2016-03-10 15:54:35 | | Windows Search Service | 3028: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-10 15:54:35 | | Windows Search Service | 3058: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Erreur | 3 | 2016-03-10 15:54:35 | | Windows Search Service | 7010: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 15:56:21 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:56:23 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 15:56:27 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:56:48 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:56:58 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:57:08 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:57:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 15:57:23 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 15:57:24 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0xac8 Faulting application start time: 0x01d17add038926bd Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: 65400743-e6d0-11e5-9be8-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:57:24 | | Application Error | 1000: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.16, time stamp: 0x558bc63b Exception code: 0xc0000005 Fault offset: 0x0000aed0 Faulting process id: 0xa44 Faulting application start time: 0x01d17add038463fc Faulting application path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Faulting module path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Report Id: 65498cc4-e6d0-11e5-9be8-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 15:57:29 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 15:57:29 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Avertissement | 1 | 2016-03-10 15:57:36 | | Windows Search Service | 1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}.
|
| | Application | Erreur | 100 | 2016-03-10 15:57:39 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:57:49 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:58:00 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:58:10 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:58:20 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:58:31 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:58:41 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:58:51 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:59:01 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:59:12 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:59:22 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:59:32 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:59:43 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 15:59:53 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:00:03 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:00:13 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:00:24 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:00:34 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:00:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:00:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:01:05 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:01:15 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:01:23 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:01:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:01:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:01:46 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:01:56 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:02:07 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:02:17 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:02:23 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:02:24 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0x1418 Faulting application start time: 0x01d17addb6521ef4 Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: 18205fe5-e6d1-11e5-9be8-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 16:02:27 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:02:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:02:48 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:02:58 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:03:09 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:03:19 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:03:29 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:03:40 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:03:50 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:04:00 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:04:10 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:04:21 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:04:31 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:04:41 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:04:52 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:05:02 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:05:12 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:05:23 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:05:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:05:43 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:05:53 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:06:04 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:06:14 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:06:24 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:06:35 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:06:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:06:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:07:05 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:07:16 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:07:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:07:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:07:47 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:07:57 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:08:07 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:08:17 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:08:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:08:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:08:48 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:08:59 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:09:09 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:09:19 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:09:30 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:09:40 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:09:50 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:10:00 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:10:11 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:10:21 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:10:31 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:10:42 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:10:52 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:11:02 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:11:13 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:11:23 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:11:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:11:43 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:11:54 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:12:04 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:12:14 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:12:25 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:12:35 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:12:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:12:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:13:06 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:13:16 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:13:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:13:37 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:13:47 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:13:57 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:14:08 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:14:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:14:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:14:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:14:49 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:14:59 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 16:15:57 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:15:59 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:16:03 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:16:23 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:16:34 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:16:44 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:16:54 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:16:59 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:17:00 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0xacc Faulting application start time: 0x01d17adfc072fd3b Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: 222c3f22-e6d3-11e5-b3bd-d8fc93a1b0cf
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 16:17:02 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | 100 | 2016-03-10 16:17:05 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:17:15 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:17:25 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:17:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:17:46 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:17:56 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:18:06 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:18:17 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:18:27 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:18:37 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:18:48 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:18:58 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:19:08 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:19:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:19:29 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:19:39 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:19:49 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:20:00 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:20:10 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:20:20 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:20:31 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:20:41 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:20:51 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:20:59 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:21:01 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 16:21:08 | SYSTEM | Microsoft-Windows-User Profiles Service | 1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3861489235-3654277816-3990546563-1000: Process 2552 (\Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe) has opened key \REGISTRY\USER\S-1-5-21-3861489235-3654277816-3990546563-1000\Software\Logitech\Logitech Gaming Software\Audio Devices
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 16:28:32 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:28:34 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:28:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:28:58 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:29:09 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:29:19 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:29:29 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:29:34 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:29:35 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0xacc Faulting application start time: 0x01d17ae1827215fb Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: e42b57e2-e6d4-11e5-b079-d8fc93a1b0cf
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 16:29:37 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | 100 | 2016-03-10 16:29:40 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:29:50 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:30:00 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:30:11 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:30:21 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:30:31 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:30:41 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:30:52 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:31:02 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:31:12 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:31:23 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:31:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:31:43 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:31:54 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:32:04 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:32:14 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:32:24 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:32:35 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:32:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:32:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:33:06 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:33:16 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:33:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:33:34 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:33:37 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:33:47 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:33:57 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:34:07 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:34:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:34:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:34:34 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:34:35 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0x72c Faulting application start time: 0x01d17ae2353c7da9 Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: 97150ead-e6d5-11e5-b079-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 16:34:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:34:49 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:34:59 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:35:09 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 101 | 2016-03-10 16:35:13 | | Application Hang | 1002: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 16f8 Start Time: 01d17ae263ce324d Termination Time: 1 Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE Report Id: acb20ee2-e6d5-11e5-b079-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 16:35:20 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:35:30 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:35:40 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:35:50 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:36:01 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:36:11 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:36:21 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:36:32 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:36:42 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:36:52 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:37:02 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:37:13 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:37:23 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:37:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:37:44 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:37:54 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:38:04 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:38:15 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:38:25 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:38:35 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:38:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:38:56 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:39:06 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:39:16 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:39:27 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:39:37 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:39:47 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:39:57 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:40:08 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:40:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:40:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:40:39 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:40:49 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:40:59 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:41:10 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:41:20 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:41:30 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:41:40 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:41:51 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:42:01 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:42:11 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:42:22 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:42:32 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:42:42 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:42:53 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:43:03 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:43:13 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:43:23 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:43:34 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:43:44 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:43:54 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:44:05 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:44:15 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:44:25 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:44:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:44:46 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:44:56 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:45:06 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:45:17 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:45:27 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:45:37 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:45:48 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:45:58 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:46:08 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:46:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 16:48:18 | | Winlogon | 4105: Windows is in Notification period.
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:48:20 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:48:24 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:48:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:48:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:49:05 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:49:15 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:49:20 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:49:22 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0xac8 Faulting application start time: 0x01d17ae445699b3d Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: a7d302f8-e6d7-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 16:49:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:49:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:49:46 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:49:57 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:50:07 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Avertissement | Aucun(e) | 2016-03-10 16:50:13 | | Winlogon | 4006: The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Users\ALIENW~1\AppData\Local\Temp\MSDCSC\msdcsc.exe.
|
| | Application | Erreur | 100 | 2016-03-10 16:50:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:50:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:50:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:50:48 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:50:58 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:51:09 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:51:19 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:51:29 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:51:40 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:51:50 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:52:00 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:52:11 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:52:21 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:52:31 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:52:41 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:52:52 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:53:02 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:53:12 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:53:20 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:53:23 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:53:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:53:43 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:53:53 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:54:04 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:54:14 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | Aucun(e) | 2016-03-10 16:54:20 | | NVNetworkService | 0:
|
| | Application | Erreur | 100 | 2016-03-10 16:54:22 | | Application Error | 1000: Faulting application name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Faulting module name: NvNetworkService.exe, version: 2.4.13.69, time stamp: 0x5679c4cd Exception code: 0x40000015 Fault offset: 0x000d8bce Faulting process id: 0x142c Faulting application start time: 0x01d17ae4f832bad1 Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Faulting module path: C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe Report Id: 5a9786dc-e6d8-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 16:54:24 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:54:35 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:54:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:54:55 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:55:06 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:55:16 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:55:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:55:36 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:55:47 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:55:57 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:56:07 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:56:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:56:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:56:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:56:49 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:56:59 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:57:09 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:57:19 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:57:30 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:57:40 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:57:50 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:58:01 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:58:11 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:58:21 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:58:31 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:58:42 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:58:52 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:59:02 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:59:13 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:59:23 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:59:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:59:44 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 16:59:54 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:00:04 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:00:14 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:00:25 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:00:35 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:00:45 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:00:56 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:01:06 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:01:16 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:01:26 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:01:37 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:01:47 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:01:57 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:02:08 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:02:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:02:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:02:38 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:02:49 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:02:59 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:03:09 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:03:20 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:03:30 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:03:40 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:03:51 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:04:01 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:04:11 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:04:21 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:04:32 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:04:42 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:04:52 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:05:03 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:05:13 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:05:23 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:05:33 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:05:44 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:05:54 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:06:04 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:06:15 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:06:25 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:06:35 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:06:46 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:06:56 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:07:06 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:07:16 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:07:27 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:07:37 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:07:47 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:07:58 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:08:08 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:08:18 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:08:28 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:08:39 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:08:49 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:08:59 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:09:10 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:09:20 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:09:30 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:09:41 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:09:51 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:10:01 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:10:11 | | Application Error | 1000: Faulting application name: 62331f57fa9967affc506b4a7985ecac.exe, version: 2.41.2.21, time stamp: 0x56d89557 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe053534f Fault offset: 0x0000c42d Faulting process id: 0x(null) Faulting application start time: 0x(null) Faulting application path: (null) Faulting module path: (null) Report Id: (null)
|
| | Application | Erreur | 100 | 2016-03-10 17:42:46 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x15ac Faulting application start time: 0x01d17aebdfc5c8c8 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 1d8241c9-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:47 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x15e4 Faulting application start time: 0x01d17aebe05e5f56 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 1e0ad2c6-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:48 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x183c Faulting application start time: 0x01d17aebe0f71525 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 1ea3a005-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:49 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x694 Faulting application start time: 0x01d17aebe18f6d36 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 1f3bf817-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:50 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x113c Faulting application start time: 0x01d17aebe227c548 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 1fd45028-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:51 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1ab8 Faulting application start time: 0x01d17aebe2c27eba Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 206f099a-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:52 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x16c8 Faulting application start time: 0x01d17aebe35ad6cb Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 210761ac-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:53 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x840 Faulting application start time: 0x01d17aebe3f32edd Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 219fb9bd-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:54 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x16e0 Faulting application start time: 0x01d17aebe48de84f Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 223a732f-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:55 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1174 Faulting application start time: 0x01d17aebe5264060 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 22d2cb40-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:56 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xd94 Faulting application start time: 0x01d17aebe5be9872 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 236b2352-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:57 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1bbc Faulting application start time: 0x01d17aebe6591364 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 24059e44-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:58 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xbe0 Faulting application start time: 0x01d17aebe6f16b76 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 249df656-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:42:59 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x149c Faulting application start time: 0x01d17aebe789c387 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 25364e68-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:00 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x15a8 Faulting application start time: 0x01d17aebe8247cf9 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 25d107d9-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:01 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1928 Faulting application start time: 0x01d17aebe8bcd50b Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 26695feb-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:02 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1b80 Faulting application start time: 0x01d17aebe9552d1c Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 2701b7fc-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:03 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x11d8 Faulting application start time: 0x01d17aebe9efe68e Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 279c716e-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:04 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1914 Faulting application start time: 0x01d17aebea883ea0 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 2834c980-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:05 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xad4 Faulting application start time: 0x01d17aebeb2096b1 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 28cd2191-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:06 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xfd4 Faulting application start time: 0x01d17aebebbb5023 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 2967db03-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:07 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1a00 Faulting application start time: 0x01d17aebec53a834 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 2a003315-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:08 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x6ac Faulting application start time: 0x01d17aebecec0046 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 2a988b26-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:09 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1140 Faulting application start time: 0x01d17aebed86b9b8 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 2b334498-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:10 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x179c Faulting application start time: 0x01d17aebee1f11c9 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 2bcb9caa-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:11 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x170c Faulting application start time: 0x01d17aebeeb769db Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 2c63f4bb-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:12 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x14b0 Faulting application start time: 0x01d17aebef52234d Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: 2cfeae2d-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 101 | 2016-03-10 17:43:13 | | Application Hang | 1002: The program AfterFX.exe version 13.5.0.347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 167c Start Time: 01d17aebde915f84 Termination Time: 0 Application Path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\AfterFX.exe Report Id: 2c6fdb9d-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:37 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xbf4 Faulting application start time: 0x01d17aebfe25ebc4 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 3bd73965-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:38 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x114c Faulting application start time: 0x01d17aebfebe43d5 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 3c6aceb6-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:39 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xfa8 Faulting application start time: 0x01d17aebff569be7 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 3d0326c7-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:40 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1b94 Faulting application start time: 0x01d17aebfff15559 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 3d9de039-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:41 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x2c4 Faulting application start time: 0x01d17aec0089ad6a Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 3e36384b-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:42 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1684 Faulting application start time: 0x01d17aec0122057c Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 3ece905c-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:43 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x113c Faulting application start time: 0x01d17aec01bcbeee Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 3f6949ce-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:44 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1ab8 Faulting application start time: 0x01d17aec025516ff Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 4001a1df-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:45 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x16c8 Faulting application start time: 0x01d17aec02ed6f11 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 4099f9f1-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:46 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1158 Faulting application start time: 0x01d17aec03882882 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 4134b363-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:47 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1ad4 Faulting application start time: 0x01d17aec04208094 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 41cd0b74-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:48 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1408 Faulting application start time: 0x01d17aec04b8d8a6 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 42656386-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:49 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1338 Faulting application start time: 0x01d17aec05539217 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 43001cf8-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:50 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1b0 Faulting application start time: 0x01d17aec05ebea29 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 43987509-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:51 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1610 Faulting application start time: 0x01d17aec06858a5e Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 4432153e-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:52 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x131c Faulting application start time: 0x01d17aec071de270 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 44ca6d50-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:53 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x182c Faulting application start time: 0x01d17aec07b63a81 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 4562c561-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:54 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x90 Faulting application start time: 0x01d17aec0850f3f3 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 45fd7ed3-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:55 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1b10 Faulting application start time: 0x01d17aec08e94c05 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 4695d6e5-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:56 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1524 Faulting application start time: 0x01d17aec0981a416 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 472e2ef6-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:57 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x11b8 Faulting application start time: 0x01d17aec0a1c5d88 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 47c8e868-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:43:58 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 9.0.0.222, time stamp: 0x5564248e Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xb90 Faulting application start time: 0x01d17aec0ab4b599 Faulting application path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\32\dynamiclinkmanager.exe Faulting module path: C:\Windows\system32\MSVCR120.dll Report Id: 4861407a-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 101 | 2016-03-10 17:43:59 | | Application Hang | 1002: The program Adobe Media Encoder.exe version 9.0.0.222 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: c74 Start Time: 01d17aebfdd03a3a Termination Time: 0 Application Path: C:\Program Files\Adobe\Adobe Media Encoder CC 2015\Adobe Media Encoder.exe Report Id: 480b8ef1-e6df-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:52:18 | | Application Error | 1000: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab Exception code: 0xe06d7363 Fault offset: 0x0000c42d Faulting process id: 0x193c Faulting application start time: 0x01d17aed340d72ec Faulting application path: D:\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 727147c1-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:42 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xfac Faulting application start time: 0x01d17aed66d401c4 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: a4808ca5-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:43 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1834 Faulting application start time: 0x01d17aed676ebb33 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: a51a6b53-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:44 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1b78 Faulting application start time: 0x01d17aed680751c1 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: a5b301e1-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:45 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xca4 Faulting application start time: 0x01d17aed68a01731 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: a64ca211-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:46 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x840 Faulting application start time: 0x01d17aed69386f42 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: a6e4fa23-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:47 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x16ac Faulting application start time: 0x01d17aed69d0c754 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: a77d5234-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:48 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1ae0 Faulting application start time: 0x01d17aed6a6b80c6 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: a8180ba6-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:49 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1b0c Faulting application start time: 0x01d17aed6b03d8d7 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: a8b063b8-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:50 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xfcc Faulting application start time: 0x01d17aed6b9c30e9 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: a948bbc9-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:51 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1a88 Faulting application start time: 0x01d17aed6c36ea5b Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: a9e3753b-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:52 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1688 Faulting application start time: 0x01d17aed6ccf426c Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: aa7bcd4c-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:53 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xfa8 Faulting application start time: 0x01d17aed6d679a7e Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: ab14255e-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:54 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xfd4 Faulting application start time: 0x01d17aed6e0253ef Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: abaeded0-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:55 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xe08 Faulting application start time: 0x01d17aed6e9aac01 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: ac4736e1-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:56 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x12e4 Faulting application start time: 0x01d17aed6f330413 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: acdf8ef3-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:57 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xb10 Faulting application start time: 0x01d17aed6fcdbd84 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: ad7a4865-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:58 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x19e4 Faulting application start time: 0x01d17aed70661596 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: ae12a076-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:53:59 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x18b8 Faulting application start time: 0x01d17aed70fe6da7 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: aeaaf888-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:00 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1534 Faulting application start time: 0x01d17aed7196c5b9 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: af435099-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:01 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x18e4 Faulting application start time: 0x01d17aed7231a63b Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: afde311c-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:02 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x19d4 Faulting application start time: 0x01d17aed72c9fe4d Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b076892d-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:03 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x340 Faulting application start time: 0x01d17aed7362565e Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b10ee13f-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:04 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1ab0 Faulting application start time: 0x01d17aed73fd0fd0 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b1a99ab1-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:05 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1ac8 Faulting application start time: 0x01d17aed749567e2 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b241f2c2-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:06 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x17e4 Faulting application start time: 0x01d17aed752dbff3 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b2da4ad4-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:07 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1444 Faulting application start time: 0x01d17aed75c87965 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b3750445-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:08 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1a4c Faulting application start time: 0x01d17aed7660d177 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b40d5c57-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:09 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x197c Faulting application start time: 0x01d17aed76f92988 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b4a5b468-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:10 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1ad8 Faulting application start time: 0x01d17aed7793e2fa Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b5406dda-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:11 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x148c Faulting application start time: 0x01d17aed782c3b0c Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b5d8c5ec-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:12 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1908 Faulting application start time: 0x01d17aed78c4931d Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b6711dfd-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:13 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1a74 Faulting application start time: 0x01d17aed795f4c8f Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b70bd76f-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:14 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x131c Faulting application start time: 0x01d17aed79f7a4a0 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b7a42f81-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:15 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1678 Faulting application start time: 0x01d17aed7a8ffcb2 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b83c8792-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:16 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1688 Faulting application start time: 0x01d17aed7b2ab624 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b8d74104-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:17 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xfa8 Faulting application start time: 0x01d17aed7bc30e35 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: b96f9916-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:18 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xfd4 Faulting application start time: 0x01d17aed7c5b6647 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: ba07f127-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:19 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xf6c Faulting application start time: 0x01d17aed7cf61fb9 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: baa2aa99-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:20 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x140c Faulting application start time: 0x01d17aed7d8e77ca Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: bb3b02aa-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:21 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x19f0 Faulting application start time: 0x01d17aed7e26cfdc Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: bbd35abc-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:22 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x15bc Faulting application start time: 0x01d17aed7ec1894e Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: bc6e142e-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:23 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1580 Faulting application start time: 0x01d17aed7f59e15f Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: bd066c3f-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:24 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xe18 Faulting application start time: 0x01d17aed7ff23971 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: bd9ec451-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:25 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xce4 Faulting application start time: 0x01d17aed808cf2e2 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: be397dc3-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:26 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xf98 Faulting application start time: 0x01d17aed81254af4 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: bed1d5d4-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:27 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1808 Faulting application start time: 0x01d17aed81bda305 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: bf6a2de6-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:28 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1648 Faulting application start time: 0x01d17aed82585c77 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c004e758-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:29 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1148 Faulting application start time: 0x01d17aed82f0b489 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c09d3f69-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:30 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1404 Faulting application start time: 0x01d17aed83890c9a Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c135977b-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:31 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1850 Faulting application start time: 0x01d17aed8423c60c Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c1d050ec-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:32 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x17a8 Faulting application start time: 0x01d17aed84bc1e1e Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c268a8fe-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:33 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1180 Faulting application start time: 0x01d17aed8554762f Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c3010110-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:34 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1728 Faulting application start time: 0x01d17aed85ef2fa1 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c39bba81-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:35 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1bdc Faulting application start time: 0x01d17aed868787b3 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c4341293-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:36 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1250 Faulting application start time: 0x01d17aed871fdfc4 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c4cc6aa4-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:37 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1264 Faulting application start time: 0x01d17aed87ba9936 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c5672416-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:38 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x14dc Faulting application start time: 0x01d17aed8852f147 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c5ff7c28-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:39 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x8d8 Faulting application start time: 0x01d17aed88eb4959 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c697d439-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:40 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xca4 Faulting application start time: 0x01d17aed898602cb Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c7328dab-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:41 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1aa8 Faulting application start time: 0x01d17aed8a1e5adc Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c7cae5bd-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:42 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x131c Faulting application start time: 0x01d17aed8acc6d72 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c87b59b2-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:43 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xee8 Faulting application start time: 0x01d17aed8b6726e3 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c913b1c4-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:44 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x15e4 Faulting application start time: 0x01d17aed8bff7ef5 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: c9ac09d5-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:45 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x15f8 Faulting application start time: 0x01d17aed8c97d706 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: ca4461e7-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:46 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1974 Faulting application start time: 0x01d17aed8d329078 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: cadf1b58-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:47 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1360 Faulting application start time: 0x01d17aed8dcae88a Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: cb77736a-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:48 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1554 Faulting application start time: 0x01d17aed8e63409b Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: cc0fcb7c-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:49 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x146c Faulting application start time: 0x01d17aed8efdfa0d Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: ccaa84ed-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:50 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1708 Faulting application start time: 0x01d17aed8f96521f Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: cd42dcff-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:51 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1438 Faulting application start time: 0x01d17aed902eaa30 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: cddb3510-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:52 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1930 Faulting application start time: 0x01d17aed90c963a2 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: ce75ee82-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:53 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x107c Faulting application start time: 0x01d17aed9161bbb4 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: cf0e4694-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:54 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x18c0 Faulting application start time: 0x01d17aed91fa13c5 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: cfa69ea5-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:55 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x17a4 Faulting application start time: 0x01d17aed9294cd37 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d0415817-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:56 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x19e8 Faulting application start time: 0x01d17aed932d2548 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d0d9b029-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:57 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x18cc Faulting application start time: 0x01d17aed93c57d5a Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d172083a-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:58 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1ae4 Faulting application start time: 0x01d17aed946036cc Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d20cc1ac-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:54:59 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1b40 Faulting application start time: 0x01d17aed94f88edd Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d2a519be-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:00 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1d4 Faulting application start time: 0x01d17aed9590e6ef Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d33d71cf-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:01 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1250 Faulting application start time: 0x01d17aed962ba061 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d3d82b41-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:02 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1264 Faulting application start time: 0x01d17aed96c3f872 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d4708352-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:03 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1888 Faulting application start time: 0x01d17aed975c5084 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d508db64-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:04 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1564 Faulting application start time: 0x01d17aed97f709f5 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d5a394d6-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:05 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1344 Faulting application start time: 0x01d17aed988f6207 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d63bece7-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:06 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xbac Faulting application start time: 0x01d17aed9927ba19 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d6d444f9-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:07 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1b0c Faulting application start time: 0x01d17aed99c2738a Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d76efe6b-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:08 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xfcc Faulting application start time: 0x01d17aed9a5acb9c Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d807567c-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:09 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x139c Faulting application start time: 0x01d17aed9af323ad Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d89fae8e-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:10 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x18ec Faulting application start time: 0x01d17aed9b8ddd1f Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d93a6800-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:11 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1678 Faulting application start time: 0x01d17aed9c263531 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: d9d2c011-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:12 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1b60 Faulting application start time: 0x01d17aed9cbe8d42 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: da6b1823-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:13 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1184 Faulting application start time: 0x01d17aed9d5946b4 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: db05d194-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:14 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xb90 Faulting application start time: 0x01d17aed9df19ec6 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: db9e29a6-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:15 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1958 Faulting application start time: 0x01d17aed9e89f6d7 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: dc3681b7-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:16 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xf80 Faulting application start time: 0x01d17aed9f24b049 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: dcd13b29-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:17 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1558 Faulting application start time: 0x01d17aed9fbd085b Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: dd69933b-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:18 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xf0c Faulting application start time: 0x01d17aeda055606c Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: de01eb4c-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:19 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1534 Faulting application start time: 0x01d17aeda0f019de Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: de9ca4be-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:20 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x3f4 Faulting application start time: 0x01d17aeda18871ef Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: df34fcd0-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:21 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x11bc Faulting application start time: 0x01d17aeda220ca01 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: dfcd54e1-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:22 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x18e4 Faulting application start time: 0x01d17aeda2bb8373 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e0680e53-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:23 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x17ac Faulting application start time: 0x01d17aeda353db84 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e1006665-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:24 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x14b8 Faulting application start time: 0x01d17aeda3ec3396 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e198be76-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:25 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1ba4 Faulting application start time: 0x01d17aeda486ed08 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e23377e8-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:26 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1b90 Faulting application start time: 0x01d17aeda51f4519 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e2cbcff9-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:27 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1bbc Faulting application start time: 0x01d17aeda5b79d2b Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e364280b-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:28 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xbc4 Faulting application start time: 0x01d17aeda652569d Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e3fee17d-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:29 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1728 Faulting application start time: 0x01d17aeda6eaaeae Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e497398e-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:30 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1bdc Faulting application start time: 0x01d17aeda78306c0 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e52f91a0-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:31 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1d4 Faulting application start time: 0x01d17aeda81dc031 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e5ca4b12-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:32 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1250 Faulting application start time: 0x01d17aeda8b61843 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e662a323-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:33 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1264 Faulting application start time: 0x01d17aeda94e7055 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e6fafb35-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:34 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1888 Faulting application start time: 0x01d17aeda9e929c6 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e795b4a7-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:35 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1564 Faulting application start time: 0x01d17aedaa8181d8 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e82e0cb8-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:36 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x100c Faulting application start time: 0x01d17aedab19d9e9 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e8c664ca-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:37 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x1140 Faulting application start time: 0x01d17aedabb4935b Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e9611e3b-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:38 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xeac Faulting application start time: 0x01d17aedac4ceb6d Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: e9f9764d-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:39 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xfcc Faulting application start time: 0x01d17aedace5437e Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: ea91ce5f-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:40 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0x139c Faulting application start time: 0x01d17aedad7ffcf0 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: eb2c87d0-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 100 | 2016-03-10 17:55:41 | | Application Error | 1000: Faulting application name: dynamiclinkmanager.exe, version: 13.5.0.347, time stamp: 0x55642288 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0x40000015 Fault offset: 0x000a7676 Faulting process id: 0xad4 Faulting application start time: 0x01d17aedae185502 Faulting application path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\dynamiclinkmanager.exe Faulting module path: C:\Program Files\Adobe\Adobe After Effects CC 2015\Support Files\32\MSVCR120.dll Report Id: ebc4dfe2-e6e0-11e5-a6fe-d8fc93a1b0cf
|
| | Application | Erreur | 101 | 2016-03-10 18:18:21 | | Application Hang | 1002: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ec4 Start Time: 01d17af0d1db05fc Termination Time: 16 Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE Report Id: 14c87a58-e6e4-11e5-a6fe-d8fc93a1b0cf
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 20:23:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x57b0789 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1047 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 20:23:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x57b079e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1048 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 20:24:07 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x57b0789 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 20:24:07 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x57b079e Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 20:35:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x593cd85 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1066 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 20:35:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x593cd96 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1067 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 20:36:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x593cd85 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 20:36:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x593cd96 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 20:47:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5aca5de Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1072 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 20:47:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5aca5fe Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1073 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 20:48:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5aca5de Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 20:48:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5aca5fe Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 20:59:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c5af27 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1074 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 20:59:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c5af42 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1075 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 21:00:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c5af27 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 21:00:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c5af42 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 21:11:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5e24529 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1080 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 21:11:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5e24547 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1081 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 21:12:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5e24529 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 21:12:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5e24547 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 21:23:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5ff1cbf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1082 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 21:23:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5ff1cdc Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1083 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 21:24:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5ff1cbf Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 21:24:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5ff1cdc Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 21:35:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x61a639e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1088 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 21:35:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x61a64d1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1089 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 21:36:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x61a639e Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 21:36:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x61a64d1 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 21:47:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6339451 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1094 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 21:47:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x633947a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1095 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 21:48:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6339451 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 21:48:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x633947a Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 21:59:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x64f2f60 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1096 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 21:59:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x64f2f7c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1097 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 22:00:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x64f2f60 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 22:00:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x64f2f7c Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 22:11:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x66bd148 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1102 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 22:11:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x66bd175 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1103 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 22:12:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x66bd148 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 22:12:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x66bd175 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 22:23:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x68a8620 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1104 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 22:23:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x68a8641 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1105 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 22:24:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x68a8620 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 22:24:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x68a8641 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 22:35:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6c133e6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1474 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 22:35:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6c133f9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1476 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 22:36:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6c133e6 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 22:36:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6c133f9 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 22:47:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6db1596 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1756 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 22:47:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6db15dd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1757 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 22:48:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6db1596 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 22:48:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6db15dd Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 22:59:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6f35483 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 2414 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 22:59:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6f35494 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 2415 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 23:00:07 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6f35483 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 23:00:07 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6f35494 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:11:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x70d8801 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 2561 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:11:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x70d8811 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 2562 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 23:12:07 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x70d8801 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 23:12:07 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x70d8811 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:23:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x73691b0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 2948 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:23:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x73691c9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 2949 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 23:24:07 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x73691b0 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 23:24:07 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x73691c9 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:31:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-03 23:31:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:35:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x754ef1c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3207 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:35:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x754f05f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3208 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 23:36:07 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x754ef1c Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 23:36:07 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x754f05f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:47:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x77504b2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3213 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:47:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x77504cb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3214 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 23:48:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x77504b2 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-03 23:48:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x77504cb Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:59:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7924596 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3215 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-03 23:59:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x79245ac Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3216 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 00:00:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7924596 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 00:00:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x79245ac Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 00:11:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7af0cd8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3221 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 00:11:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7af0cee Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3222 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 00:12:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7af0cd8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 00:12:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7af0cee Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 00:23:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7cd1065 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3223 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 00:23:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7cd108e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3224 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 00:24:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7cd1065 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 00:24:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7cd108e Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 00:35:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7e9fbc9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3229 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 00:35:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7e9fbf4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3230 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 00:36:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7e9fbc9 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 00:36:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x7e9fbf4 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 00:47:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x806de9c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3235 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 00:47:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x806deca Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3236 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 00:48:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x806de9c Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 00:48:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x806deca Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 00:59:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x82445a8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3237 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 00:59:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x82445d2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3238 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 01:00:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x82445a8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 01:00:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x82445d2 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 01:11:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x841b131 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3243 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 01:11:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x841b18f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3244 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 01:12:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x841b131 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 01:12:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x841b18f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 01:23:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x85ef0b4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3245 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 01:23:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x85ef0d0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3246 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 01:24:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x85ef0b4 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 01:24:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x85ef0d0 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 01:35:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x87c0eb9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3251 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 01:35:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x87c0edc Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3252 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 01:36:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x87c0eb9 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 01:36:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x87c0edc Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 01:48:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x89c1e70 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3257 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 01:48:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x89c1e93 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3258 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 01:48:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x89c1e70 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 01:48:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x89c1e93 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 02:00:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8b95ddc Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3260 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 02:00:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8b95dfa Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3261 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 02:00:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8b95ddc Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 02:00:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8b95dfa Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 02:12:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8d73548 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3267 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 02:12:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8d73567 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3268 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 02:12:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8d73548 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 02:12:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8d73567 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 02:24:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8f51a05 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3269 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 02:24:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8f51a26 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3270 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 02:24:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8f51a05 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 02:24:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8f51a26 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 02:36:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x912368d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3275 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 02:36:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x91236a8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3276 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 02:36:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x912368d Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 02:36:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x91236a8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 02:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x9319859 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3281 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 02:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x9319879 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3282 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 02:48:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x9319859 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 02:48:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x9319879 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 03:00:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x94ef4e2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3283 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 03:00:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x94ef515 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3284 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 03:00:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x94ef4e2 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 03:00:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x94ef515 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 03:12:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x9732f56 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3289 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 03:12:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x9732fba Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3290 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 03:12:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x9732f56 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 03:12:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x9732fba Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 03:24:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x99541c7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3291 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 03:24:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x9954219 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 3292 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 03:24:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x99541c7 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 03:24:13 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x9954219 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 03:30:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 03:30:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 03:30:56 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x292ff This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-04 03:30:58 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x2948a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x2948a Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-04 08:33:21 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xdc0a
|
| | Sécurité | Audit Success | 12292 | 2016-03-04 08:33:22 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-04 08:33:22 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Failure | 12290 | 2016-03-04 08:33:24 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-04 08:33:24 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-04 08:33:24 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-04 08:33:24 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:33:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:33:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3e1de Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:33:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:33:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-04 08:33:31 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-04 08:33:31 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-04 08:33:31 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-04 08:33:31 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:35:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:35:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:35:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 08:35:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:48:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x548a32 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1060 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 08:48:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x548a47 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1061 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 08:49:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x548a32 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 08:49:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x548a47 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 09:00:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x771135 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1066 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 09:00:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x771146 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1067 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 09:01:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x771135 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 09:01:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x771146 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 09:12:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8c8f94 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1068 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 09:12:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8c8fa4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1069 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 09:13:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8c8f94 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 09:13:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x8c8fa4 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 09:24:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xa22523 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1074 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 09:24:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xa2265e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1075 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 09:25:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xa22523 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 09:25:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xa2265e Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 09:36:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xb7db03 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1080 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 09:36:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xb7db13 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1081 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 09:37:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xb7db03 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 09:37:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xb7db13 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 09:48:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xcd7b2b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1082 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 09:48:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xcd7b3b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1083 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 09:49:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xcd7b2b Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 09:49:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xcd7b3b Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 10:00:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xe2ddd6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1088 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 10:00:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xe2dde6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1089 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 10:01:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xe2ddd6 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 10:01:04 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xe2dde6 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 10:12:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xf87678 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1090 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 10:12:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xf87688 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1091 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 10:13:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xf87678 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 10:13:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xf87688 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 10:24:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x126a520 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1096 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 10:24:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x126a535 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1097 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 10:25:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x126a520 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 10:25:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x126a535 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 10:36:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1562442 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1102 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 10:36:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1562452 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1103 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 10:37:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1562442 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 10:37:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1562452 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 10:48:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x183b700 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1104 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 10:48:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x183b714 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1105 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 10:49:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x183b700 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 10:49:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x183b714 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 11:00:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1b2cc24 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1110 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 11:00:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1b2cc39 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1111 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 11:01:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1b2cc24 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 11:01:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1b2cc39 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 11:12:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d9b33f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1112 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 11:12:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d9b34f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1113 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 11:13:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d9b33f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 11:13:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d9b34f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 11:24:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1f955b2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1118 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 11:24:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1f95608 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1119 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 11:25:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1f955b2 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 11:25:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1f95608 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 11:36:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x217bd35 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1124 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 11:36:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x217bd46 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1125 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 11:37:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x217bd35 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 11:37:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x217bd46 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 11:48:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22f3aca Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1126 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 11:48:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22f3ade Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1127 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 11:49:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22f3aca Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 11:49:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22f3ade Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 12:00:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2496bb2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1132 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 12:00:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2496c03 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1133 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 12:01:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2496bb2 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 12:01:10 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2496c03 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 12:16:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 12:16:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-04 15:10:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-04 15:10:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-04 15:10:30 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x2948a This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-04 15:10:33 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x29544 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x29544 Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-05 10:56:23 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xdc1d
|
| | Sécurité | Audit Success | 12292 | 2016-03-05 10:56:24 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-05 10:56:24 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Failure | 12290 | 2016-03-05 10:56:26 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-05 10:56:26 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-05 10:56:26 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-05 10:56:26 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4416f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:56:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:56:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-05 10:56:32 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-05 10:56:32 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-05 10:56:32 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-05 10:56:32 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:58:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:58:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 10:58:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 10:58:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 11:40:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 11:40:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 13:54:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 13:54:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-05 18:05:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-05 18:05:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-05 18:27:43 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x29544 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-05 18:27:46 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-06 00:01:09 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xd570
|
| | Sécurité | Audit Success | 12292 | 2016-03-06 00:01:10 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-06 00:01:10 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:10 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28f0c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:01:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28f0c Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:01:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:01:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:01:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:01:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:01:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:01:13 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:01:13 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4271a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:01:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:01:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:01:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:01:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:01:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:01:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:02:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:02:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:03:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:03:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:05:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:05:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:05:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 00:05:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 00:57:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 00:57:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 02:13:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 02:13:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-06 02:28:05 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28f0c This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-06 02:28:07 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x280 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28cfa Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x280 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28cfa Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-06 10:20:13 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xd36c
|
| | Sécurité | Audit Success | 12292 | 2016-03-06 10:20:14 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 10:20:16 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 10:20:16 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 10:20:16 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 10:20:16 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x454c6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 10:20:22 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 10:20:22 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 10:20:22 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 10:20:22 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 10:20:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 10:20:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 12:35:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 12:35:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 12:35:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-06 12:35:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 12:36:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 12:36:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 18:51:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 18:51:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 23:20:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 23:20:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-06 23:34:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-06 23:34:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 08:36:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 08:36:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 10:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 10:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 11:13:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 11:13:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 11:18:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 11:18:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 11:20:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 11:20:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 12:24:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 12:24:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 14:02:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 14:02:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 15:50:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 15:50:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-07 15:50:31 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28cfa This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-07 15:50:33 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x26a4b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x26a4b Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-07 22:35:38 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xcb7f
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:35:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-07 22:35:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-07 22:35:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-07 22:35:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-07 22:35:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:35:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x42475 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:35:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:35:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-07 22:35:47 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-07 22:35:47 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-07 22:35:47 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-07 22:35:47 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:37:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:37:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-07 22:37:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:37:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:37:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-07 22:37:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-08 02:01:04 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x26a4b This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-08 02:01:05 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28e27 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28e27 Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-08 09:05:09 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xd7df
|
| | Sécurité | Audit Success | 12292 | 2016-03-08 09:05:10 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-08 09:05:10 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-08 09:05:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-08 09:05:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-08 09:05:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-08 09:05:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x45a38 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-08 09:05:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-08 09:05:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-08 09:05:18 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-08 09:05:19 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:05:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:05:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:07:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:07:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:27:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 09:27:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:57:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xfa1e65 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1050 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 09:57:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xfa1eb1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1051 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-08 09:57:51 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xfa1e65 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-08 09:57:51 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0xfa1eb1 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 10:09:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x11b3b91 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1800 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 10:09:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x11b3ba5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 1801 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-08 10:09:51 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x11b3b91 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-08 10:09:51 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x11b3ba5 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 15:02:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 15:02:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 15:07:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 15:07:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 15:46:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 15:46:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 17:02:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 17:02:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 19:34:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 19:34:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-08 20:04:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-08 20:04:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 00:54:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 00:54:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-09 04:01:25 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28e27 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-09 04:01:29 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-09 09:34:50 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xd8a6
|
| | Sécurité | Audit Success | 12292 | 2016-03-09 09:34:51 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-09 09:34:51 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:51 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x2911b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x2911b Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-09 09:34:53 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-09 09:34:53 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-09 09:34:53 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-09 09:34:53 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x43bea Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:34:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:34:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-09 09:34:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-09 09:34:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-09 09:34:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-09 09:34:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:35:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:35:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-09 09:36:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-09 09:36:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-09 09:58:56 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x2911b This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-09 09:58:59 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-10 08:58:24 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xd556
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 08:58:25 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 08:58:25 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:25 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x280 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28d2e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x280 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 08:58:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28d2e Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 08:58:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 08:58:27 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 08:58:27 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 08:58:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 08:58:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 08:58:28 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 08:58:28 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x42803 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 08:58:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 08:58:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 08:58:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 08:58:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 08:58:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 08:58:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 09:00:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 09:00:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 09:00:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 09:00:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 09:11:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 09:11:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 10:45:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 10:45:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 10:47:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 10:47:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 11:49:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 11:49:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 13:56:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 13:56:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:11:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:11:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:11:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:11:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:16:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:16:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 15:16:55 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 304ffb2c-ac68-4095-bdde-9356f56de563 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 15:16:55 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 8b0bb180-ff61-45f6-8da9-b057aff8c53f Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 15:16:55 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 00c69e4a-d8a9-4d85-a730-9c11a5b75875 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 15:16:55 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 304ffb2c-ac68-4095-bdde-9356f56de563 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d0e960ff97769740eb028b8ad4df1d6b_2987035f-fea4-4b78-a5dc-5640597a05cd Operation: %%2458 Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 15:16:55 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 8b0bb180-ff61-45f6-8da9-b057aff8c53f Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\7de60dfe5ef2ffb7c89a4df465eb9e68_2987035f-fea4-4b78-a5dc-5640597a05cd Operation: %%2458 Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 15:16:55 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 00c69e4a-d8a9-4d85-a730-9c11a5b75875 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\fbbb0de9f1c227fda994904cceb0c1ff_2987035f-fea4-4b78-a5dc-5640597a05cd Operation: %%2458 Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:20:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:20:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:20:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:20:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 103 | 2016-03-10 15:21:23 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12545 | 2016-03-10 15:21:23 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28d2e This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 12288 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-10 15:25:25 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xcd55
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 15:25:26 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 15:25:26 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:26 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x278 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28a59 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x278 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:25:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28a59 Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:25:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:25:28 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:25:28 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:25:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:25:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:25:29 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:25:29 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:25:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4eb51 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:26:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:26:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:26:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:26:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:26:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:26:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:26:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:26:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:26:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:26:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:28:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:28:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:30:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:30:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:34:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x260 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:34:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-10 15:34:55 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28a59 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-10 15:34:56 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28958 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28958 Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-10 15:35:32 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xd466
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 15:35:33 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 15:35:33 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:35:35 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:35:35 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:35:35 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:35:35 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:35:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:35:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:35:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3f695 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:36:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:36:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:36:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:36:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:36:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:36:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:36:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:36:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:36:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:36:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:41:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:41:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:45:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:45:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:46:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:46:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:52:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x10c6b54 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 2074 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:52:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x10c6f0b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: AXEL-PC Source Network Address: 192.168.1.67 Source Port: 2075 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-10 15:52:19 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x10c6b54 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12545 | 2016-03-10 15:52:19 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x10c6f0b Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:54:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:54:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 103 | 2016-03-10 15:54:39 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12545 | 2016-03-10 15:54:39 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28958 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 12288 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28f5a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28f5a Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-10 15:56:20 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xd4cc
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 15:56:21 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 15:56:21 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:56:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:56:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:56:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:56:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:56:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:56:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:56:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3fda4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:57:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:57:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:57:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:57:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:57:28 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:57:28 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:57:28 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 15:57:28 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 15:57:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 15:57:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:02:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:02:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:13:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:13:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:15:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-10 16:15:13 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28f5a This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-10 16:15:14 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28ad5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28ad5 Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-10 16:15:56 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xd450
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 16:15:57 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:15:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:15:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:15:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:15:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:15:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:15:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:15:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:16:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3fdad Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:16:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:16:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:16:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:16:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:17:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:17:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:17:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:17:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:17:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:17:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:20:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:20:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-10 16:21:08 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28ad5 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-10 16:21:12 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28ec9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28ec9 Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-10 16:28:31 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xd4ca
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 16:28:32 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:28:34 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:28:34 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:28:34 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:28:34 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:28:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:28:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:28:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3ff25 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:29:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:29:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:29:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:29:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:29:39 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:29:39 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:29:39 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:29:39 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:29:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:29:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:34:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:34:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:37:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:37:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:41:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:41:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:46:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x264 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:46:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12545 | 2016-03-10 16:46:28 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28ec9 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Sécurité | Audit Success | 103 | 2016-03-10 16:46:29 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Sécurité | Audit Success | 12288 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Alienware Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28c72 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: LITOPC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28c72 Privileges: SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 13568 | 2016-03-10 16:48:17 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xd502
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 16:48:18 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 16:48:18 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:48:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:48:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:48:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:48:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:48:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:48:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:48:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3ffb3 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:49:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:49:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:49:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:49:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:49:25 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:49:25 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:49:25 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Failure | 12290 | 2016-03-10 16:49:25 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-20 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {978DD257-DAA4-4A5E-BD06-D450192DDAAC} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090010
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:50:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:50:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 16:54:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 16:54:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:01:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 17:01:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 17:37:55 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 28c7e23e-4951-4265-af66-11db455fb2c7 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 17:37:55 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 28c7e23e-4951-4265-af66-11db455fb2c7 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 17:37:55 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 28c7e23e-4951-4265-af66-11db455fb2c7 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\59b41b73e2c79073cfbda524b9395dc4_2987035f-fea4-4b78-a5dc-5640597a05cd Operation: %%2458 Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 17:37:55 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 28c7e23e-4951-4265-af66-11db455fb2c7 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\59b41b73e2c79073cfbda524b9395dc4_2987035f-fea4-4b78-a5dc-5640597a05cd Operation: %%2458 Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:39:39 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28c72 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Guest Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1258 Process Name: C:\Windows\explorer.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:39:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28c72 Logon Type: 3 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-501 Account Name: Guest Account Domain: LITOPC Logon ID: 0x19f52b8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1258 Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LITOPC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-10 17:39:39 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-501 Account Name: Guest Account Domain: LITOPC Logon ID: 0x19f52b8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:40:00 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28c72 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Guest Account Domain: LITOPC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1258 Process Name: C:\Windows\explorer.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:40:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-1000 Account Name: Alienware Account Domain: LITOPC Logon ID: 0x28c72 Logon Type: 3 New Logon: Security ID: S-1-5-21-3861489235-3654277816-3990546563-501 Account Name: Guest Account Domain: LITOPC Logon ID: 0x1a0ed64 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1258 Process Name: C:\Windows\explorer.exe Network Information: Workstation Name: LITOPC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12545 | 2016-03-10 17:40:00 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-3861489235-3654277816-3990546563-501 Account Name: Guest Account Domain: LITOPC Logon ID: 0x1a0ed64 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:42:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 17:42:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:44:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 17:44:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:44:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 17:44:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:46:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:46:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 17:46:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 17:46:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:52:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 17:52:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:54:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 17:54:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 17:58:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 17:58:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 18:04:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 18:04:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 18:04:44 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 28c7e23e-4951-4265-af66-11db455fb2c7 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Sécurité | Audit Success | 12290 | 2016-03-10 18:04:44 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 28c7e23e-4951-4265-af66-11db455fb2c7 Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 18:04:44 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 28c7e23e-4951-4265-af66-11db455fb2c7 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\59b41b73e2c79073cfbda524b9395dc4_2987035f-fea4-4b78-a5dc-5640597a05cd Operation: %%2458 Return Code: 0x0
|
| | Sécurité | Audit Success | 12292 | 2016-03-10 18:04:44 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 28c7e23e-4951-4265-af66-11db455fb2c7 Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\59b41b73e2c79073cfbda524b9395dc4_2987035f-fea4-4b78-a5dc-5640597a05cd Operation: %%2458 Return Code: 0x0
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 18:18:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 18:18:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Sécurité | Audit Success | 12544 | 2016-03-10 18:26:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: LITOPC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x258 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Sécurité | Audit Success | 12548 | 2016-03-10 18:26:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
|
| | Système | Avertissement | Aucun(e) | 2016-03-04 03:30:58 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Erreur | Aucun(e) | 2016-03-04 08:33:24 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-04 08:33:24 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1628 and process 1652 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Avertissement | Aucun(e) | 2016-03-04 08:33:26 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Avertissement | Aucun(e) | 2016-03-04 08:33:31 | SYSTEM | Microsoft-Windows-Wininit | 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
|
| | Système | Avertissement | 212 | 2016-03-04 10:36:17 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219:
|
| | Système | Avertissement | Aucun(e) | 2016-03-04 15:10:33 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Erreur | Aucun(e) | 2016-03-05 10:56:26 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-05 10:56:26 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1600 and process 1640 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Erreur | Aucun(e) | 2016-03-05 10:56:28 | | Service Control Manager | 7034: The MSI_LiveUpdate_Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Avertissement | Aucun(e) | 2016-03-05 10:56:28 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Avertissement | Aucun(e) | 2016-03-05 10:56:33 | SYSTEM | Microsoft-Windows-Wininit | 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
|
| | Système | Avertissement | 212 | 2016-03-05 11:40:58 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219:
|
| | Système | Avertissement | Aucun(e) | 2016-03-05 18:27:46 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Erreur | Aucun(e) | 2016-03-06 00:01:12 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-06 00:01:12 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1628 and process 1648 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Avertissement | Aucun(e) | 2016-03-06 00:01:14 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Avertissement | Aucun(e) | 2016-03-06 00:01:19 | SYSTEM | Microsoft-Windows-Wininit | 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
|
| | Système | Erreur | Aucun(e) | 2016-03-06 00:05:02 | | Service Control Manager | 7034: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Avertissement | Aucun(e) | 2016-03-06 02:28:07 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Avertissement | Aucun(e) | 2016-03-06 10:20:15 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1592 and process 1612 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Erreur | Aucun(e) | 2016-03-06 10:20:16 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-06 10:20:18 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Avertissement | Aucun(e) | 2016-03-06 10:20:23 | SYSTEM | Microsoft-Windows-Wininit | 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
|
| | Système | Avertissement | 212 | 2016-03-06 13:47:52 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219:
|
| | Système | Erreur | Aucun(e) | 2016-03-06 19:56:13 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-06 19:56:13 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-06 19:58:20 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-06 19:58:20 | | nvlddmkm | 13:
|
| | Système | Avertissement | Aucun(e) | 2016-03-07 09:11:28 | NETWORK SERVICE | Microsoft-Windows-DNS-Client | 1014: Name resolution for the name client-s.gateway.messenger.live.com timed out after none of the configured DNS servers responded.
|
| | Système | Erreur | Aucun(e) | 2016-03-07 10:00:00 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR3.
|
| | Système | Erreur | Aucun(e) | 2016-03-07 10:00:01 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR3.
|
| | Système | Erreur | Aucun(e) | 2016-03-07 10:00:01 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR3.
|
| | Système | Erreur | Aucun(e) | 2016-03-07 10:00:02 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR3.
|
| | Système | Avertissement | Aucun(e) | 2016-03-07 12:37:13 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 36: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
|
| | Système | Avertissement | Aucun(e) | 2016-03-07 15:50:33 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Avertissement | Aucun(e) | 2016-03-07 22:35:40 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1676 and process 1708 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Erreur | Aucun(e) | 2016-03-07 22:35:41 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-07 22:35:43 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Avertissement | Aucun(e) | 2016-03-07 22:35:48 | SYSTEM | Microsoft-Windows-Wininit | 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
|
| | Système | Erreur | Aucun(e) | 2016-03-07 22:37:45 | | Service Control Manager | 7024: The Windows Search service terminated with service-specific error %%-1073473535.
|
| | Système | Erreur | Aucun(e) | 2016-03-07 22:37:45 | | Service Control Manager | 7031: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-07 22:38:15 | | Service Control Manager | 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056
|
| | Système | Erreur | Aucun(e) | 2016-03-07 23:22:45 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-07 23:22:45 | | nvlddmkm | 13:
|
| | Système | Avertissement | Aucun(e) | 2016-03-08 02:01:06 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Erreur | Aucun(e) | 2016-03-08 09:05:12 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-08 09:05:12 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1608 and process 1648 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Avertissement | Aucun(e) | 2016-03-08 09:05:14 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Erreur | Aucun(e) | 2016-03-08 09:05:16 | | Service Control Manager | 7034: The MSI_LiveUpdate_Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Avertissement | Aucun(e) | 2016-03-08 09:05:19 | SYSTEM | Microsoft-Windows-Wininit | 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
|
| | Système | Avertissement | 212 | 2016-03-08 14:42:57 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219:
|
| | Système | Erreur | Aucun(e) | 2016-03-08 23:52:14 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-08 23:52:14 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-08 23:52:14 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-08 23:52:14 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-08 23:52:14 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-08 23:52:14 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-08 23:54:21 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-08 23:54:21 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-08 23:55:22 | | nvlddmkm | 13:
|
| | Système | Erreur | Aucun(e) | 2016-03-08 23:55:22 | | nvlddmkm | 13:
|
| | Système | Avertissement | Aucun(e) | 2016-03-09 04:01:29 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Erreur | Aucun(e) | 2016-03-09 09:34:53 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-09 09:34:53 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1596 and process 1636 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Avertissement | Aucun(e) | 2016-03-09 09:34:55 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Erreur | Aucun(e) | 2016-03-09 09:34:57 | | Service Control Manager | 7034: The MSI_LiveUpdate_Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Avertissement | Aucun(e) | 2016-03-09 09:35:00 | SYSTEM | Microsoft-Windows-Wininit | 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
|
| | Système | Avertissement | Aucun(e) | 2016-03-09 09:58:59 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Avertissement | 212 | 2016-03-10 08:58:24 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219:
|
| | Système | Erreur | Aucun(e) | 2016-03-10 08:58:27 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 08:58:27 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1612 and process 1624 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 08:58:29 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 08:58:34 | SYSTEM | Microsoft-Windows-Wininit | 11: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:15:18 | | Service Control Manager | 7030: The ggbugreport service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:15:19 | | Service Control Manager | 7030: The Winsere service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:16:40 | | Service Control Manager | 7034: The 2B95E443-7330-45DA-83BD-12CEC99D7BA9 service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:16:40 | | Service Control Manager | 7034: The csrcc service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:17:45 | | Service Control Manager | 7031: The BoxoreService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:17:45 | | Service Control Manager | 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the BoxoreService service, but this action failed with the following error: %%1056
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:18:15 | | DCOM | 10010: The server {C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03} did not register with DCOM within the required timeout.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:18:34 | | Service Control Manager | 7034: The BoxoreService service terminated unexpectedly. It has done this 2 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:19:22 | | Service Control Manager | 7034: The BoxoreService service terminated unexpectedly. It has done this 3 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:11 | | Service Control Manager | 7034: The BoxoreService service terminated unexpectedly. It has done this 4 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:36 | | Service Control Manager | 7034: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:36 | | Service Control Manager | 7034: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7031: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The Autodesk Application Manager Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The AdobeUpdateService service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The Service Bonjour service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The SCP DS3 Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The FreemakeVideoCapture service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The Logitech Gaming Registry Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The MSI_LiveUpdate_Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7031: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:37 | | Service Control Manager | 7031: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:38 | | Service Control Manager | 7034: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:38 | | Service Control Manager | 7034: The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:38 | | Service Control Manager | 7034: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:38 | | Service Control Manager | 7034: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:38 | | Service Control Manager | 7031: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:38 | | Service Control Manager | 7031: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:38 | | Service Control Manager | 7034: The Record Megabyte service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:38 | | Service Control Manager | 7034: The Overheat Layout service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:38 | | Service Control Manager | 7034: The Free Space Decimal Point service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:38 | | Service Control Manager | 7031: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:39 | | Service Control Manager | 7034: The PC Speed Up Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:39 | | Service Control Manager | 7034: The WajNetworkEnhancer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:39 | | Service Control Manager | 7034: The Search Module Update service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:39 | | Service Control Manager | 7031: The GavPDynAiO service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:20:39 | | Service Control Manager | 7034: The BoxoreService service terminated unexpectedly. It has done this 5 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:21:08 | | Service Control Manager | 7032: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 15:21:24 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:25:22 | | volmgr | 49: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:25:28 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 15:25:28 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1688 and process 1744 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 15:26:28 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:26:29 | | Service Control Manager | 7034: The MSI_LiveUpdate_Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:44 | | Service Control Manager | 7034: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:44 | | Service Control Manager | 7034: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:44 | | Service Control Manager | 7031: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:44 | | Service Control Manager | 7034: The Autodesk Application Manager Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:44 | | Service Control Manager | 7034: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The AdobeUpdateService service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The Service Bonjour service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The SCP DS3 Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The FreemakeVideoCapture service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The Logitech Gaming Registry Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The WajNetworkEnhancer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7031: The GavPDynAiO service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7031: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7031: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7031: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7031: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:45 | | Service Control Manager | 7034: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:46 | | Service Control Manager | 7031: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:46 | | Service Control Manager | 7024: The Windows Search service terminated with service-specific error %%-1073473535.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:34:46 | | Service Control Manager | 7031: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 15:34:56 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 15:35:34 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1608 and process 1644 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:35:35 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 15:36:35 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:36:36 | | Service Control Manager | 7034: The MSI_LiveUpdate_Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:45:13 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR3.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:45:14 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR3.
|
| | Système | Avertissement | 212 | 2016-03-10 15:45:14 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219:
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:45:15 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR3.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:45:15 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR3.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:33 | | Service Control Manager | 7034: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:33 | | Service Control Manager | 7034: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:33 | | Service Control Manager | 7031: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The Autodesk Application Manager Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The AdobeUpdateService service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The Service Bonjour service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The SCP DS3 Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The FreemakeVideoCapture service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The Logitech Gaming Registry Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The WajNetworkEnhancer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7031: The GavPDynAiO service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7031: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7031: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7031: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:34 | | Service Control Manager | 7034: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:35 | | Service Control Manager | 7034: The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:35 | | Service Control Manager | 7034: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:35 | | Service Control Manager | 7034: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:35 | | Service Control Manager | 7031: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:35 | | Service Control Manager | 7024: The Windows Search service terminated with service-specific error %%-1073473535.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:54:35 | | Service Control Manager | 7031: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 15:54:40 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:56:23 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 15:56:23 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1624 and process 1644 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 15:57:23 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Avertissement | 212 | 2016-03-10 15:57:23 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219:
|
| | Système | Erreur | Aucun(e) | 2016-03-10 15:57:24 | | Service Control Manager | 7034: The MSI_LiveUpdate_Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:13:06 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR4.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:13:07 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR4.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:13:08 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR4.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:13:08 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR4.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:07 | | Service Control Manager | 7034: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:07 | | Service Control Manager | 7034: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:07 | | Service Control Manager | 7031: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The Autodesk Application Manager Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The AdobeUpdateService service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The Service Bonjour service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The SCP DS3 Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The FreemakeVideoCapture service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The Logitech Gaming Registry Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The WajNetworkEnhancer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7031: The GavPDynAiO service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7031: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:08 | | Service Control Manager | 7031: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:09 | | Service Control Manager | 7031: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:09 | | Service Control Manager | 7034: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:09 | | Service Control Manager | 7034: The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:09 | | Service Control Manager | 7034: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:09 | | Service Control Manager | 7034: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:09 | | Service Control Manager | 7031: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 16:15:14 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 16:15:58 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1628 and process 1648 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:15:59 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 16:16:59 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Avertissement | 212 | 2016-03-10 16:17:00 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219:
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 16:21:12 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 16:28:33 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1596 and process 1608 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:28:34 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 16:29:34 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Avertissement | 212 | 2016-03-10 16:29:34 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219:
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7031: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The Autodesk Application Manager Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The AdobeUpdateService service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The Service Bonjour service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The SCP DS3 Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The FreemakeVideoCapture service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The Logitech Gaming Registry Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The MSI_LiveUpdate_Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:22 | | Service Control Manager | 7034: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7034: The WajNetworkEnhancer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7034: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7031: The GavPDynAiO service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7031: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7031: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7031: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7034: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7034: The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7034: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7034: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:46:23 | | Service Control Manager | 7031: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 16:46:29 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4001: WLAN AutoConfig service has successfully stopped.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 16:48:20 | | Service Control Manager | 7000: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 16:48:20 | | Service Control Manager | 7039: A service process other than the one launched by the Service Control Manager connected when starting the SectionAppend service. The Service Control Manager launched process 1604 and process 1616 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
|
| | Système | Avertissement | Aucun(e) | 2016-03-10 16:49:20 | | ipnathlp | 34005: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
|
| | Système | Avertissement | 212 | 2016-03-10 16:49:21 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219:
|
| | Système | Erreur | Aucun(e) | 2016-03-10 17:00:58 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR4.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 17:00:59 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR4.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 17:10:14 | | Service Control Manager | 7034: The WajNetworkEnhancer Service service terminated unexpectedly. It has done this 1 time(s).
|
| | Système | Erreur | Aucun(e) | 2016-03-10 18:16:09 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR6.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 18:16:10 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR6.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 18:26:35 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR7.
|
| | Système | Erreur | Aucun(e) | 2016-03-10 18:26:36 | | Disk | 11: The driver detected a controller error on \Device\Harddisk3\DR7.
|