Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Аватар
impossible
Извън линия
Потребител
Потребител
Мнения: 488
Регистриран на: 15 Юни 2019, 12:41
Се отблагодари: 23 пъти
Получена благодарност: 47 пъти

Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Мнение от impossible » 05 Ное 2020, 13:53

Та реших да си преинсталирам компютъра понеже от известно време крашва
Последно промяна от illusion на 05 Ное 2020, 14:44, променено общо 1 път.
Причина: Темата е преместена в правилният раздел.

Аватар
illusion
Извън линия
Developer
Developer
Мнения: 1796
Регистриран на: 27 Ное 2016, 17:47
Местоположение: CraftVision
Се отблагодари: 151 пъти
Получена благодарност: 358 пъти
Обратна връзка:

Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Мнение от illusion » 05 Ное 2020, 14:36

Как така крашва? Няма как е така да си крашва и да е от Windows.. Кажи с какви характеристики си на компютъра (CPU, GPU, RAM)

Windows 10 го свали от официалният сайт на Microsoft - https://go.microsoft.com/fwlink/?LinkId=691209. От инсталатора можеш да си избереш дали да го инсталираш на компютъра ти или да го качиш на флашка примерно.

Аватар
impossible
Извън линия
Потребител
Потребител
Мнения: 488
Регистриран на: 15 Юни 2019, 12:41
Се отблагодари: 23 пъти
Получена благодарност: 47 пъти

Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Мнение от impossible » 05 Ное 2020, 17:40

В момента съм с Windows7 както знаете вече не се поддържа.
Ами проблема е следния: както си цъкам нещо примерно цс и изведнъж крашва, замръзва екрана след което го рестартирам няколко пъти но монитора не светва след това го изключвам от захранването и го включвам отново и стартира на работния плод но иконите изчезват и пак крашва не можеш да кликнеш никъде и се появява син екран да разбирам, че това е един вид защитна реакция да не изгори нещо!?

image[1].png
image[1].png (79.64 KiB) Преглеждано 2971 пъти
image[1].png
image[1].png (79.64 KiB) Преглеждано 2971 пъти
image [2].png
image [2].png (208.26 KiB) Преглеждано 2971 пъти
image [2].png
image [2].png (208.26 KiB) Преглеждано 2971 пъти
Помислих си, че проблема идва от Драйвърите на видеото ъпдейтнах ги от сайта на AMD.COM

image [3].png
image [3].png (130.72 KiB) Преглеждано 2971 пъти
image [3].png
image [3].png (130.72 KiB) Преглеждано 2971 пъти
image [4].png
image [4].png (159.53 KiB) Преглеждано 2971 пъти
image [4].png
image [4].png (159.53 KiB) Преглеждано 2971 пъти
Но пак същото помислих си, че проблема може да идва от това че нещо последната версия на драйвърите причинява проблема
След това имам на диск старите драйвъри инсталирах ги да видя с тях как ще се държи но уви пак краш.

виждам, че и други хора са имали подобен проблем https://forums.softvisia.com/index.php/ ... %B2%D0%B8/

Това изписва в Event Logs

Код за потвърждение: Избери целия код

Log Name	Event Type	Category	Generated On	User	Source	Description
Application	Error	None	2020-10-29 17:25:56		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-29 17:30:02	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-29 17:30:02	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-29 18:59:39		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-29 19:02:46	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-29 19:02:46	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-29 19:53:30		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-29 19:58:28	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-29 19:58:28	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-10-29 21:44:13	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    9 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1568 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1948 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswToolsSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1948 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswToolsSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1948 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswToolsSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1568 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1568 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1568 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1568 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1568 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy   
Application	Warning	None	2020-10-29 21:44:14	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    1 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000_Classes: Process 1948 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswToolsSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000_CLASSES   
Application	Error	None	2020-10-29 21:46:55		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-29 21:51:57	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-29 21:51:58	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-10-29 22:15:11	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    2 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1364 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1364 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall   
Application	Error	None	2020-10-29 22:17:48		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-29 22:20:53	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-29 22:20:53	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-29 22:52:35		Microsoft-Windows-Defrag	257: Òîìúò (C:) íå å äåôðàãìåíòèðàí, òúé êàòî âúçíèêíà ãðåøêà: Îïòèìèçèðàíåòî íà çàðåæäàíåòî íå ìîæå äà çàâúðøè ïîðàäè ëèïñà íà ñâîáîäíî ìÿñòî. (0x89000019)  
Application	Warning	None	2020-10-30 01:18:12	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    6 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1616 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1616 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1616 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1616 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1616 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1616 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main   
Application	Error	None	2020-10-30 10:30:27		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-30 10:35:13	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-30 10:35:13	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-10-30 11:52:47	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    13 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1584 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy   
Application	Error	None	2020-10-30 11:55:27		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-30 11:59:03	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-30 11:59:03	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-10-30 12:06:57		Steam Client Service	2: Warning: Updated file "secure_desktop_capture.exe" from version 0x000600070057000f to version 0x0006000c00570000.   
Application	Warning	None	2020-10-30 12:06:57		Steam Client Service	2: Warning: Updated file "drivers.exe" from version 0x0001000000000001 to version 0x0006000000340023.   
Application	Warning	None	2020-10-30 12:06:57		Steam Client Service	2: Warning: Updated file "SteamService.dll" from version 0x000600070057000f to version 0x0006000c00570000.   
Application	Warning	None	2020-10-30 12:38:49	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    3 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1548 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1548 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 4252 (\Device\HarddiskVolume3\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Explorer   
Application	Error	None	2020-10-30 12:41:26		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-30 12:45:00	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-30 12:45:00	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-10-30 13:06:39	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    2 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1612 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1612 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall   
Application	Error	None	2020-10-30 13:09:11		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-30 13:13:25	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-30 13:13:25	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-10-30 19:37:22	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    7 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1492 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1492 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1492 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1492 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1492 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1492 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main Process 1492 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Explorer   
Application	Error	None	2020-10-30 19:40:03		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-30 19:43:35	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-30 19:43:35	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-10-31 00:01:20	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    11 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main Process 1544 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy   
Application	Error	None	2020-10-31 19:35:03		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-10-31 19:39:34	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-10-31 19:39:34	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-11-01 01:49:16	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    5 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1572 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1572 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1572 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1572 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1572 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings   
Application	Error	None	2020-11-01 11:12:06		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-11-01 11:15:18	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-01 11:15:18	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-01 14:03:20		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-11-01 14:06:36	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-01 14:06:36	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-01 14:52:11		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-11-01 14:55:17	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-01 14:55:17	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-01 16:06:19		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-11-01 16:11:14	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-01 16:11:14	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-11-01 23:43:47	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    11 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main Process 1540 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy   
Application	Error	None	2020-11-02 08:38:55		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-11-02 08:42:37	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-02 08:42:37	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-02 09:43:23		Microsoft-Windows-Defrag	257: Òîìúò (C:) íå å äåôðàãìåíòèðàí, òúé êàòî âúçíèêíà ãðåøêà: Îïòèìèçèðàíåòî íà çàðåæäàíåòî íå ìîæå äà çàâúðøè ïîðàäè ëèïñà íà ñâîáîäíî ìÿñòî. (0x89000019)  
Application	Warning	None	2020-11-03 00:24:00	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    12 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Explorer Process 1576 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy   
Application	Error	None	2020-11-03 19:39:26		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-11-03 19:42:52	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-03 19:42:52	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-11-03 21:30:49	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    9 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1560 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1772 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswToolsSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1772 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswToolsSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1772 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswToolsSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1772 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswToolsSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1560 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1560 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1560 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1560 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings   
Application	Warning	None	2020-11-03 21:30:50	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    1 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000_Classes: Process 1772 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswToolsSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000_CLASSES   
Application	Error	None	2020-11-04 16:33:23		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-11-04 16:38:04	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-04 16:38:04	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-04 17:02:58		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-11-04 17:06:23	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Error	None	2020-11-04 17:06:23	SYSTEM	Microsoft-Windows-LoadPerf	3006: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.  
Application	Warning	None	2020-11-05 01:30:44	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.       DETAIL -    7 user registry handles leaked from \Registry\User\S-1-5-21-4015017734-987073429-1860001923-1000: Process 1700 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000 Process 1700 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1700 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall Process 1700 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl Process 1700 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1700 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Internet Explorer\Main Process 1700 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4015017734-987073429-1860001923-1000\Software\Microsoft\Windows\CurrentVersion\Explorer   
Application	Error	None	2020-11-05 10:10:48		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2020-11-05 11:05:25		Microsoft-Windows-Defrag	257: Òîìúò (C:) íå å äåôðàãìåíòèðàí, òúé êàòî âúçíèêíà ãðåøêà: Îïòèìèçèðàíåòî íà çàðåæäàíåòî íå ìîæå äà çàâúðøè ïîðàäè ëèïñà íà ñâîáîäíî ìÿñòî. (0x89000019)  
Application	Error	None	2020-11-05 13:51:58		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	100	2020-11-05 14:04:12		Application Error	1000: Èìå íà ïðèëîæåíèå ñ ãðåøêè: Dwm.exe, âåðñèÿ: 6.1.7600.16385, âðåìåâî êëåéìî: 0x4a5bc541  Èìå íà ìîäóë ñ ãðåøêè: msvcrt.dll, âåðñèÿ: 7.0.7601.17744, âðåìåâî êëåéìî: 0x4eeb033f  Êîä íà èçêëþ÷åíèå: 0xc00000fd  Îòìåñòâàíå íà ãðåøêà: 0x00000000000158ba  ÈÄ íà ïðîöåñ íà ãðåøêà: 0x7a4  Íà÷àëåí ÷àñ íà ïðèëîæåíèåòî ñ ãðåøêè: 0x01d6b369e06af6b2  Ïúò íà ïðèëîæåíèåòî ñ ãðåøêè: C:\Windows\system32\Dwm.exe  Ïúò íà ìîäóëà ñ ãðåøêè: C:\Windows\system32\msvcrt.dll  ÈÄ íà äîêëàä: 040ee740-1f5f-11eb-82f9-7085c2348f8a  
Security	Audit Success	12288	2020-10-29 17:24:17		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-29 17:24:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 17:24:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 17:24:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 17:24:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 17:24:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-29 17:24:17		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xba49  
Security	Audit Success	12544	2020-10-29 17:24:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 17:24:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 17:24:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 17:24:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 17:24:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 17:24:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 17:24:21		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 17:24:21		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-29 17:24:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1bbab   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 17:24:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1bbd4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 17:24:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1bbab    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 17:24:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 17:24:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-29 17:24:43		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-29 17:24:44		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-29 17:24:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 17:24:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 17:25:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x4ef46   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 17:26:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 17:26:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 17:27:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 17:27:00		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 17:27:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 17:27:11		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 17:28:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 17:28:11		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 17:29:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 17:29:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 17:51:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 17:51:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 18:11:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 18:11:14		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12288	2020-10-29 18:58:10		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-29 18:58:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 18:58:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2cc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 18:58:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2cc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 18:58:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 18:58:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-29 18:58:10		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb257  
Security	Audit Success	12544	2020-10-29 18:58:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2cc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 18:58:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2cc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 18:58:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2cc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 18:58:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 18:58:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 18:58:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	101	2020-10-29 18:58:12		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport.  0  
Security	Audit Success	12290	2020-10-29 18:58:15		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 18:58:18		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x32c   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-29 18:58:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1de60   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x32c   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 18:58:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1dea6   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x32c   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 18:58:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1de60    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 18:58:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2cc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 18:58:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-29 18:58:27		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-29 18:58:29		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-29 18:58:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2cc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 18:58:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 18:58:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x42a04   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 18:59:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2cc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 18:59:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 19:00:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2cc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:00:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 19:00:47		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 19:00:47		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 19:00:58		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 19:00:58		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 19:01:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 19:01:59		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 19:14:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2cc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:14:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12288	2020-10-29 19:23:46		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-29 19:23:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	13568	2020-10-29 19:23:47		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xd518  
Security	Audit Success	12544	2020-10-29 19:23:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x304   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 19:23:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x304   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:23:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 19:23:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 19:23:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x304   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 19:23:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x304   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 19:23:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x304   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:23:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 19:23:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 19:23:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 19:23:52		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	101	2020-10-29 19:23:57		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport.  0  
Security	Audit Success	12544	2020-10-29 19:24:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x304   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:24:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-29 19:24:04		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-29 19:24:06		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-29 19:24:06		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x2c8   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-29 19:24:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x252ca   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c8   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 19:24:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x25307   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c8   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:24:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x252ca    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 19:24:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x304   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:24:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12288	2020-10-29 19:51:50		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-29 19:51:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 19:51:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 19:51:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:51:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 19:51:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-29 19:51:51		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xc9ae  
Security	Audit Success	12544	2020-10-29 19:51:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:51:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 19:51:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 19:51:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:51:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 19:51:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 19:51:55		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 19:52:00		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x2bc   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-29 19:52:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1ef85   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2bc   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 19:52:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1f043   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2bc   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:52:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1ef85    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	101	2020-10-29 19:52:03		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport.  0  
Security	Audit Success	12544	2020-10-29 19:52:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:52:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-29 19:52:12		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-29 19:52:14		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-29 19:52:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:52:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 19:52:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x4d4bd   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 19:53:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:53:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 19:54:29		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 19:54:29		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 19:54:39		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 19:54:39		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 19:55:40		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 19:55:40		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 19:56:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:56:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 19:56:46		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 19:56:46		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 19:57:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 19:57:21		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 19:58:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 19:58:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 20:17:09		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 20:17:09		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 20:17:10		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 20:17:10		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 21:37:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:37:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 21:37:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:37:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-29 21:38:16		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source.    Subject :   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x11d0   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x598df4  
Security	Audit Success	13568	2020-10-29 21:38:16		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source.    Subject   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x11d0   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x598df4  
Security	Audit Success	12544	2020-10-29 21:38:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x308   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:38:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13826	2020-10-29 21:40:18		Microsoft-Windows-Security-Auditing	4734: A security-enabled local group was deleted.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Group:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1001   Group Name:  AMD FUEL   Group Domain:  ilia-PC    Additional Information:   Privileges:  -  
Security	Audit Success	12545	2020-10-29 21:44:13		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1f043    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	103	2020-10-29 21:44:24		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-10-29 21:45:13		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-29 21:45:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	13568	2020-10-29 21:45:14		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb47c  
Security	Audit Success	12544	2020-10-29 21:45:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 21:45:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:45:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 21:45:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 21:45:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 21:45:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 21:45:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:45:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 21:45:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 21:45:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 21:45:23		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 21:45:26		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-29 21:45:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c2d2   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 21:45:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c304   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:45:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c2d2    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 21:45:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:45:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-29 21:45:39		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-29 21:45:41		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-29 21:45:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:45:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 21:46:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x46a74   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 21:47:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:47:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 21:48:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:48:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 21:49:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 21:49:45		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 21:49:57		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 21:49:57		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 21:50:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:50:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 21:50:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:50:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 21:50:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:50:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 21:50:58		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 21:50:58		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 21:52:29		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:52:29		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-29 21:52:44		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source.    Subject :   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x364   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x185669  
Security	Audit Success	13568	2020-10-29 21:52:44		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source.    Subject   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x364   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x185669  
Security	Audit Success	13568	2020-10-29 21:53:59		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source.    Subject :   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x364   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x1cc28d  
Security	Audit Success	13568	2020-10-29 21:53:59		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source.    Subject   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x364   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x1cc28d  
Security	Audit Success	12544	2020-10-29 21:56:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 21:56:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 22:06:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 22:06:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:06:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 22:06:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 22:06:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2a8   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:06:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-29 22:07:44		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source.    Subject :   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0xb0c   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x2f1f7f  
Security	Audit Success	13568	2020-10-29 22:07:44		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source.    Subject   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0xb0c   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x2f1f7f  
Security	Audit Success	12545	2020-10-29 22:15:11		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c304    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	103	2020-10-29 22:15:20		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-10-29 22:16:17		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-29 22:16:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	13568	2020-10-29 22:16:17		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xaa3f  
Security	Audit Success	12544	2020-10-29 22:16:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:16:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 22:16:20		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:16:20		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 22:16:22		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 22:16:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 22:16:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 22:16:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:16:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 22:16:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-29 22:16:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 22:16:23		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x360   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-29 22:16:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cb3a   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x360   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 22:16:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cb63   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x360   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:16:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cb3a    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 22:16:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:16:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-29 22:16:37		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-29 22:16:41		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-29 22:16:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:16:44		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 22:17:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x6777d   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-29 22:18:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:18:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-29 22:19:06		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 22:19:06		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 22:19:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 22:19:16		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-29 22:20:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-29 22:20:16		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-29 22:20:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:20:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 22:42:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:42:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 22:52:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:52:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 22:52:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:52:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-29 22:53:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-29 22:53:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 00:08:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 00:08:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 00:08:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 00:08:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 01:18:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12545	2020-10-30 01:18:12		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cb63    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	12548	2020-10-30 01:18:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	103	2020-10-30 01:19:17		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-10-30 10:28:55		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-30 10:28:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 10:28:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 10:28:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 10:28:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 10:28:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-30 10:28:55		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb48b  
Security	Audit Success	12544	2020-10-30 10:28:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 10:28:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 10:28:58		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-30 10:28:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 10:28:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 10:28:58		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-30 10:28:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c980   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 10:28:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c9ed   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 10:28:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 10:28:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 10:28:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c980    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 10:29:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 10:29:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-30 10:29:15		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-30 10:29:15		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-30 10:29:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 10:29:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 10:29:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x47699   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 10:30:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 10:30:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 10:31:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 10:31:50		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 10:32:02		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 10:32:02		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 10:33:03		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 10:33:03		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 10:35:33		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 10:35:33		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-30 10:42:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 10:42:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 11:32:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 11:32:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 11:48:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 11:48:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 11:48:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 11:48:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 11:48:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 11:48:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-30 11:50:02		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source.    Subject :   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x1b68   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x6bd864  
Security	Audit Success	13568	2020-10-30 11:50:02		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source.    Subject   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x1b68   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x6bd864  
Security	Audit Success	12545	2020-10-30 11:52:47		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c9ed    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	103	2020-10-30 11:52:56		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-10-30 11:53:58		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-30 11:53:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	13568	2020-10-30 11:53:58		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xaf75  
Security	Audit Success	12544	2020-10-30 11:54:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 11:54:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 11:54:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 11:54:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 11:54:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 11:54:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 11:54:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 11:54:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 11:54:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 11:54:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 11:54:04		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-30 11:54:04		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x35c   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-30 11:54:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d5b4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x35c   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 11:54:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d5de   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x35c   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 11:54:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d5b4    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 11:54:07		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 11:54:07		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-30 11:54:12		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12544	2020-10-30 11:54:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 11:54:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 11:54:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x4a06c   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12292	2020-10-30 11:54:28		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-30 11:55:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 11:55:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 11:57:02		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 11:57:02		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 11:57:14		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 11:57:14		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 11:58:14		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 11:58:14		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-30 11:58:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 11:58:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 12:17:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:17:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 12:17:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:17:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 12:28:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 12:28:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:28:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 12:28:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 12:28:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:28:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-30 12:29:00		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source.    Subject :   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x1c70   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x47c084  
Security	Audit Success	13568	2020-10-30 12:29:00		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source.    Subject   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x1c70   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x47c084  
Security	Audit Success	13568	2020-10-30 12:30:56		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source.    Subject :   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x1c70   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x54c907  
Security	Audit Success	13568	2020-10-30 12:30:56		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source.    Subject   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x1c70   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x54c907  
Security	Audit Success	12544	2020-10-30 12:37:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 12:37:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:37:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 12:37:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-30 12:37:39		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source.    Subject :   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x1e28   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x6bb74e  
Security	Audit Success	13568	2020-10-30 12:37:39		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source.    Subject   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x1e28   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0x6bb74e  
Security	Audit Success	12544	2020-10-30 12:38:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:38:44		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12545	2020-10-30 12:38:49		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d5de    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	12544	2020-10-30 12:38:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:38:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	103	2020-10-30 12:38:57		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-10-30 12:40:01		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-30 12:40:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 12:40:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 12:40:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:40:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 12:40:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-30 12:40:01		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb314  
Security	Audit Success	12544	2020-10-30 12:40:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 12:40:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 12:40:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:40:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 12:40:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 12:40:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 12:40:04		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-30 12:40:04		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x364   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-30 12:40:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d127   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x364   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 12:40:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d1c1   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x364   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:40:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d127    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 12:40:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:40:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-30 12:40:10		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-30 12:40:15		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-30 12:40:27		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:40:27		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 12:41:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x5c719   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 12:42:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 12:42:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 12:42:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 12:42:59		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 12:43:09		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 12:43:09		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 12:44:10		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 12:44:10		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 12:52:33		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 12:52:33		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 12:53:43		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 12:53:43		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12545	2020-10-30 13:06:39		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d1c1    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	103	2020-10-30 13:06:45		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-10-30 13:07:42		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-30 13:07:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 13:07:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 13:07:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 13:07:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 13:07:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-30 13:07:43		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xa51b  
Security	Audit Success	12290	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x394   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x17541   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x394   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1756a   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x394   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 13:07:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x17541    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 13:07:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 13:07:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-30 13:07:49		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-30 13:07:49		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-30 13:07:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 13:07:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 13:08:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x33b22   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 13:09:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 13:09:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 13:10:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 13:10:59		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 13:11:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 13:11:13		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 13:12:14		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 13:12:14		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-30 13:12:25		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 13:12:25		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 13:48:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 13:48:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 13:48:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 13:48:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 13:48:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 13:48:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 18:00:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 18:00:36		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 18:16:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 18:16:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 19:19:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:19:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 19:19:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:19:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 19:30:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:30:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 19:31:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:31:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 19:31:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 19:31:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2c0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:31:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 19:31:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-30 19:33:53		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source.    Subject :   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x1fd0   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0xaa241f  
Security	Audit Success	13568	2020-10-30 19:33:53		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source.    Subject   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Process:   Process ID: 0x1fd0   Process Name: C:\Windows\System32\VSSVC.exe    Event Source:   Source Name: VSSAudit   Event Source ID: 0xaa241f  
Security	Audit Success	12545	2020-10-30 19:37:22		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1756a    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	103	2020-10-30 19:37:36		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-10-30 19:38:38		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-30 19:38:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 19:38:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 19:38:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:38:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 19:38:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-30 19:38:38		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb3ab  
Security	Audit Success	12544	2020-10-30 19:38:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 19:38:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 19:38:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:38:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 19:38:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 19:38:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 19:38:41		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-30 19:38:41		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x368   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-30 19:38:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d70f   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x368   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 19:38:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d738   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x368   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:38:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d70f    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 19:38:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:38:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-30 19:38:46		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-30 19:38:46		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-30 19:38:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:38:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 19:38:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x4e72a   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 19:40:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:40:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 19:41:05		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 19:41:05		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 19:41:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 19:41:16		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 19:42:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 19:42:16		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-30 19:42:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:42:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 19:53:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 19:53:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 20:06:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 20:06:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 20:17:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 20:17:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 20:36:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 20:36:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 20:59:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 20:59:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 21:40:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 21:40:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 22:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-30 22:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 22:20:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-30 22:20:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-30 22:20:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 22:20:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 22:56:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 22:56:13		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-30 23:01:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-30 23:01:14		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-30 23:01:40		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 23:01:40		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-30 23:02:15		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-30 23:02:15		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-31 00:00:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-31 00:00:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 00:00:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-31 00:00:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12545	2020-10-31 00:01:20		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d738    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	12544	2020-10-31 00:01:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 00:01:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	103	2020-10-31 00:01:26		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-10-31 19:33:31		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-10-31 19:33:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-31 19:33:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-31 19:33:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 19:33:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-31 19:33:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-10-31 19:33:31		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb5b4  
Security	Audit Success	12290	2020-10-31 19:33:33		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-10-31 19:33:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-31 19:33:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-31 19:33:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 19:33:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-31 19:33:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-31 19:33:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-31 19:33:34		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-10-31 19:33:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d04b   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-31 19:33:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d074   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 19:33:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d04b    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-31 19:33:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 19:33:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-10-31 19:33:37		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-10-31 19:33:37		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-10-31 19:33:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 19:33:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-31 19:33:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x4a957   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-31 19:34:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 19:34:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-10-31 19:36:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-31 19:36:11		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-31 19:36:22		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-31 19:36:22		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-10-31 19:37:22		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-10-31 19:37:22		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-10-31 19:38:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 19:38:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-31 20:34:07		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-10-31 20:34:07		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 20:34:07		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-10-31 20:34:07		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-10-31 21:38:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-10-31 21:38:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 00:00:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 00:00:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 00:00:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 00:00:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 01:49:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12545	2020-11-01 01:49:16		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d074    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	12548	2020-11-01 01:49:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	103	2020-11-01 01:49:21		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-11-01 11:10:36		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-11-01 11:10:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 11:10:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 11:10:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 11:10:36		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 11:10:36		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-11-01 11:10:36		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb5cc  
Security	Audit Success	12544	2020-11-01 11:10:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 11:10:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 11:10:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 11:10:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 11:10:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 11:10:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-01 11:10:39		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-11-01 11:10:39		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3bc   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-11-01 11:10:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cf71   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3bc   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 11:10:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cf9a   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3bc   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 11:10:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cf71    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 11:10:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 11:10:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-11-01 11:10:42		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-11-01 11:10:42		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-11-01 11:10:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 11:10:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 11:11:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x509b5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 11:12:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 11:12:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-01 11:13:28		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 11:13:28		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-01 11:13:39		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 11:13:39		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-01 11:14:39		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 11:14:39		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12288	2020-11-01 11:16:58		Microsoft-Windows-Security-Auditing	4616: The system time was changed.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Process Information:   Process ID: 0x494   Name:  C:\Windows\System32\svchost.exe    Previous Time:  2020-11-01T09:16:58.068558400Z  New Time:  2020-11-01T09:16:58.067000000Z    This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.  
Security	Audit Success	12544	2020-11-01 12:11:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 12:11:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 12:11:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 12:11:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 13:31:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 13:31:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 13:57:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 13:57:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12288	2020-11-01 14:01:52		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-11-01 14:01:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:01:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:01:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:01:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 14:01:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-11-01 14:01:52		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xbbf4  
Security	Audit Success	12290	2020-11-01 14:01:54		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-11-01 14:01:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:01:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:01:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:01:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 14:01:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 14:01:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 14:01:55		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x374   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-11-01 14:01:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d552   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x374   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:01:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d5a9   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x374   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:01:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d552    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 14:01:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:01:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-11-01 14:01:58		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-11-01 14:01:59		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-11-01 14:01:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:01:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	101	2020-11-01 14:02:01		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport.  0  
Security	Audit Success	12544	2020-11-01 14:02:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x51146   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:03:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:03:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-01 14:04:08		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 14:04:08		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-01 14:04:19		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 14:04:19		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12288	2020-11-01 14:05:19		Microsoft-Windows-Security-Auditing	4616: The system time was changed.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Process Information:   Process ID: 0x490   Name:  C:\Windows\System32\svchost.exe    Previous Time:  2020-11-01T12:05:19.633816500Z  New Time:  2020-11-01T12:05:19.633000000Z    This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.  
Security	Audit Success	12290	2020-11-01 14:05:19		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 14:05:19		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-01 14:11:34		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 14:11:34		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-01 14:13:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:13:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 14:44:29		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:44:29		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12288	2020-11-01 14:50:53		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-11-01 14:50:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:50:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:50:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:50:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 14:50:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-11-01 14:50:54		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xc640  
Security	Audit Success	12290	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3b0   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d965   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b0   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d9ed   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b0   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 14:50:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d965    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 14:50:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:50:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-11-01 14:51:01		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-11-01 14:51:01		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-11-01 14:51:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:51:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	101	2020-11-01 14:51:10		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport.  0  
Security	Audit Success	12544	2020-11-01 14:51:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x54c14   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 14:52:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 14:52:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-01 14:53:03		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 14:53:03		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-01 14:53:14		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 14:53:14		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-01 14:54:14		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 14:54:14		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12288	2020-11-01 14:57:27		Microsoft-Windows-Security-Auditing	4616: The system time was changed.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Process Information:   Process ID: 0x488   Name:  C:\Windows\System32\svchost.exe    Previous Time:  2020-11-01T12:57:27.914797000Z  New Time:  2020-11-01T12:57:27.914000000Z    This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.  
Security	Audit Success	12544	2020-11-01 15:27:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 15:27:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 15:27:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 15:27:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 15:55:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 15:55:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12288	2020-11-01 16:04:51		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-11-01 16:04:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 16:04:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 16:04:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 16:04:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 16:04:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-11-01 16:04:51		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xc528  
Security	Audit Success	12544	2020-11-01 16:04:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 16:04:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 16:04:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 16:04:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 16:04:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-01 16:04:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-01 16:04:54		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-11-01 16:04:54		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-11-01 16:04:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1dd5d   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 16:04:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1dd86   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 16:04:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1dd5d    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 16:04:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 16:04:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-11-01 16:04:58		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-11-01 16:04:58		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-11-01 16:04:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 16:04:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	101	2020-11-01 16:05:00		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport.  0  
Security	Audit Success	12544	2020-11-01 16:05:29		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x5324e   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-01 16:06:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 16:06:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 16:06:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 16:06:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-01 16:07:08		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 16:07:08		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-01 16:07:19		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 16:07:19		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-01 16:08:19		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 16:08:19		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12288	2020-11-01 16:10:18		Microsoft-Windows-Security-Auditing	4616: The system time was changed.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Process Information:   Process ID: 0x490   Name:  C:\Windows\System32\svchost.exe    Previous Time:  2020-11-01T14:10:18.863632800Z  New Time:  2020-11-01T14:10:18.863000000Z    This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.  
Security	Audit Success	12290	2020-11-01 16:12:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-01 16:12:35		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-01 16:41:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 16:41:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 16:41:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 16:41:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 16:55:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 16:55:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 17:51:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 17:51:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 18:08:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 18:08:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 18:29:29		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 18:29:29		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 18:59:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 18:59:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 19:20:34		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 19:20:34		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 19:33:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 19:33:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 21:24:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-01 21:24:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-01 23:43:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12545	2020-11-01 23:43:47		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1dd86    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	12548	2020-11-01 23:43:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	103	2020-11-01 23:43:52		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-11-02 08:37:35		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-11-02 08:37:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-02 08:37:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-02 08:37:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 08:37:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-02 08:37:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-11-02 08:37:35		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb51b  
Security	Audit Success	12544	2020-11-02 08:37:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-02 08:37:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-02 08:37:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 08:37:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-02 08:37:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-02 08:37:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-02 08:37:38		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-11-02 08:37:38		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3b8   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-11-02 08:37:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cf7d   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b8   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-02 08:37:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cfa6   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b8   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 08:37:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cf7d    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-02 08:37:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 08:37:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-11-02 08:37:41		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-11-02 08:37:41		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-11-02 08:37:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 08:37:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-02 08:37:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x49838   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-02 08:38:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 08:38:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-02 08:39:41		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-02 08:39:41		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-02 08:39:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-02 08:39:52		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-02 08:40:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-02 08:40:52		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-02 08:41:47		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-02 08:41:47		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-02 08:43:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 08:43:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-02 08:44:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 08:44:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12288	2020-11-02 08:44:59		Microsoft-Windows-Security-Auditing	4616: The system time was changed.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Process Information:   Process ID: 0x48c   Name:  C:\Windows\System32\svchost.exe    Previous Time:  2020-11-02T06:44:56.902767300Z  New Time:  2020-11-02T06:44:59.735542700Z    This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.  
Security	Audit Success	12288	2020-11-02 08:44:59		Microsoft-Windows-Security-Auditing	4616: The system time was changed.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Process Information:   Process ID: 0x48c   Name:  C:\Windows\System32\svchost.exe    Previous Time:  2020-11-02T06:44:59.754542700Z  New Time:  2020-11-02T06:44:59.754000000Z    This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.  
Security	Audit Success	12288	2020-11-02 08:44:59		Microsoft-Windows-Security-Auditing	4616: The system time was changed.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Process Information:   Process ID: 0x48c   Name:  C:\Windows\System32\svchost.exe    Previous Time:  2020-11-02T06:44:59.762000400Z  New Time:  2020-11-02T06:44:59.762000000Z    This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.  
Security	Audit Success	12544	2020-11-02 09:12:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 09:12:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-02 09:37:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 09:37:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-02 09:47:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-02 09:47:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 09:47:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-02 09:47:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-02 14:27:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 14:27:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-02 22:23:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-02 22:23:11		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-02 22:26:42		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-02 22:26:42		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-02 22:27:07		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-02 22:27:07		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12545	2020-11-03 00:24:00		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1cfa6    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	103	2020-11-03 00:24:07		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-11-03 19:37:57		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-11-03 19:37:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-03 19:37:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-03 19:37:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 19:37:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-03 19:37:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-11-03 19:37:57		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb5a2  
Security	Audit Success	12544	2020-11-03 19:37:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-03 19:37:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-03 19:37:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 19:37:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-03 19:37:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-03 19:37:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-03 19:38:00		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-11-03 19:38:00		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3b8   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-11-03 19:38:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d086   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b8   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-03 19:38:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d0e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b8   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 19:38:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d086    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-03 19:38:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 19:38:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-11-03 19:38:02		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-11-03 19:38:03		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-11-03 19:38:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 19:38:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-03 19:38:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x5d0ca   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-03 19:39:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 19:39:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-03 19:41:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-03 19:41:04		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12292	2020-11-03 19:41:15		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-03 19:41:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12290	2020-11-03 19:42:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-03 19:42:16		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-03 19:43:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 19:43:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-03 20:23:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 20:23:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-03 20:23:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 20:23:44		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-03 20:23:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 20:23:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-03 21:23:07		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 21:23:07		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-03 21:29:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-03 21:29:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12545	2020-11-03 21:30:49		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d0e4    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	103	2020-11-03 21:30:56		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-11-04 16:31:56		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-11-04 16:31:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 16:31:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 16:31:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-11-04 16:31:56		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb515  
Security	Audit Success	12544	2020-11-04 16:31:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 16:31:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-04 16:31:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 16:31:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 16:31:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 16:31:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-04 16:31:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-04 16:31:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-04 16:32:00		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-11-04 16:32:00		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-11-04 16:32:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c90e   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 16:32:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c962   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 16:32:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c90e    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-04 16:32:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 16:32:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-11-04 16:32:05		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-11-04 16:32:05		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-11-04 16:32:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 16:32:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-04 16:32:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x44bbf   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 16:33:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 16:33:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-04 16:35:02		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-04 16:35:02		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-04 16:35:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-04 16:35:13		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-04 16:36:14		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-04 16:36:14		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-04 16:37:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e4   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 16:37:06		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12288	2020-11-04 17:01:29		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-11-04 17:01:29		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 17:01:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 17:01:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 17:01:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-04 17:01:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-11-04 17:01:30		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb685  
Security	Audit Success	12544	2020-11-04 17:01:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 17:01:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 17:01:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 17:01:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-04 17:01:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-04 17:01:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-04 17:01:33		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-11-04 17:01:33		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-11-04 17:01:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d92a   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 17:01:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d953   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 17:01:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d92a    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	101	2020-11-04 17:01:38		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport.  0  
Security	Audit Success	12544	2020-11-04 17:01:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 17:01:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-11-04 17:01:39		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-11-04 17:01:40		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-11-04 17:01:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 17:01:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-04 17:02:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x4b997   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-04 17:02:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 17:02:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-04 17:04:09		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-04 17:04:09		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-04 17:04:19		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-04 17:04:19		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-04 17:05:19		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-04 17:05:19		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-04 17:05:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 17:05:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-04 17:42:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 17:42:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-04 17:42:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 17:42:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-04 18:35:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-04 18:35:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-04 21:52:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-04 21:52:20		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-04 21:53:15		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-04 21:53:15		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-04 21:53:30		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-04 21:53:30		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-05 00:00:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 00:00:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 00:00:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-05 00:00:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 01:22:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 01:22:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12545	2020-11-05 01:30:44		Microsoft-Windows-Security-Auditing	4647: User initiated logoff:    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1d953    This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.  
Security	Audit Success	103	2020-11-05 01:30:55		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.  
Security	Audit Success	12288	2020-11-05 10:09:18		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-11-05 10:09:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 10:09:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 10:09:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-11-05 10:09:18		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb3c8  
Security	Audit Success	12544	2020-11-05 10:09:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 10:09:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3bc   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c900   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3bc   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c929   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3bc   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-05 10:09:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1c900    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 10:09:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 10:09:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-11-05 10:09:24		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	12292	2020-11-05 10:09:32		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-11-05 10:09:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 10:09:36		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 10:10:14		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x5a51e   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 10:11:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 10:11:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-05 10:12:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 10:12:13		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-05 10:12:23		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 10:12:23		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-05 10:13:24		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 10:13:24		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-05 10:15:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 10:15:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 10:59:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 10:59:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 11:09:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 11:09:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 11:09:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-05 11:09:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-05 11:35:35		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 11:35:35		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-05 11:39:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 11:39:59		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-05 11:49:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 11:49:16		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-05 11:54:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2e0   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 11:54:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12288	2020-11-05 13:50:33		Microsoft-Windows-Security-Auditing	4608: Windows is starting up.    This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.  
Security	Audit Success	12544	2020-11-05 13:50:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   0    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x4   Process Name:      Network Information:   Workstation Name: -   Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  -   Authentication Package: -   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 13:50:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 13:50:33		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 13:50:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-05 13:50:33		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-20   Account Name:  NETWORK SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e4    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	13568	2020-11-05 13:50:33		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created.    Number of Elements: 0  Policy ID: 0xb9c1  
Security	Audit Success	12290	2020-11-05 13:50:35		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Module:  ncrypt.dll    Return Code: 0x0  
Security	Audit Success	12544	2020-11-05 13:50:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 13:50:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 13:50:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 13:50:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Privileges:  SeAssignPrimaryTokenPrivilege     SeAuditPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-05 13:50:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12548	2020-11-05 13:50:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 13:50:36		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Account Whose Credentials Were Used:   Account Name:  ilia   Account Domain:  ilia-PC   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Target Server:   Target Server Name: localhost   Additional Information: localhost    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Network Address: 127.0.0.1   Port:   0    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.  
Security	Audit Success	12544	2020-11-05 13:50:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1ce47   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 13:50:36		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   2    New Logon:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1ce70   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x3b4   Process Name:  C:\Windows\System32\winlogon.exe    Network Information:   Workstation Name: ILIA-PC   Source Network Address: 127.0.0.1   Source Port:  0    Detailed Authentication Information:   Logon Process:  User32    Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 13:50:36		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-21-4015017734-987073429-1860001923-1000   Account Name:  ilia   Account Domain:  ilia-PC   Logon ID:  0x1ce47    Privileges:  SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 13:50:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 13:50:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12292	2020-11-05 13:50:39		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.  
Security	Audit Success	101	2020-11-05 13:50:41		Microsoft-Windows-Eventlog	1101: Audit events have been dropped by the transport.  0  
Security	Audit Success	12292	2020-11-05 13:50:54		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.  
Security	Audit Success	12544	2020-11-05 13:50:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 13:50:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 13:51:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-0-0   Account Name:  -   Account Domain:  -   Logon ID:  0x0    Logon Type:   3    New Logon:   Security ID:  S-1-5-7   Account Name:  ANONYMOUS LOGON   Account Domain:  NT AUTHORITY   Logon ID:  0x55c87   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x0   Process Name:  -    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  NtLmSsp    Authentication Package: NTLM   Transited Services: -   Package Name (NTLM only): NTLM V1   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12544	2020-11-05 13:52:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 13:52:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-05 13:52:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 13:52:52		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-05 13:53:02		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 13:53:02		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-05 13:54:02		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 13:54:02		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: {38DAB204-F4DC-4A28-ADFE-6AD8E246920F}   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\Keys\68e93f6a58fa6d8383e413e60df8a160_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12290	2020-11-05 14:03:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 14:03:55		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
Security	Audit Success	12544	2020-11-05 14:04:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 14:04:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 14:29:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 14:29:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 14:42:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 14:42:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12544	2020-11-05 14:42:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on.    Subject:   Security ID:  S-1-5-18   Account Name:  ILIA-PC$   Account Domain:  WORKGROUP   Logon ID:  0x3e7    Logon Type:   5    New Logon:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7   Logon GUID:  {00000000-0000-0000-0000-000000000000}    Process Information:   Process ID:  0x2dc   Process Name:  C:\Windows\System32\services.exe    Network Information:   Workstation Name:    Source Network Address: -   Source Port:  -    Detailed Authentication Information:   Logon Process:  Advapi     Authentication Package: Negotiate   Transited Services: -   Package Name (NTLM only): -   Key Length:  0    This event is generated when a logon session is created. It is generated on the computer that was accessed.    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.    The authentication information fields provide detailed information about this specific logon request.   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.   - Transited services indicate which intermediate services have participated in this logon request.   - Package name indicates which sub-protocol was used among the NTLM protocols.   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.  
Security	Audit Success	12548	2020-11-05 14:42:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon.    Subject:   Security ID:  S-1-5-18   Account Name:  SYSTEM   Account Domain:  NT AUTHORITY   Logon ID:  0x3e7    Privileges:  SeAssignPrimaryTokenPrivilege     SeTcbPrivilege     SeSecurityPrivilege     SeTakeOwnershipPrivilege     SeLoadDriverPrivilege     SeBackupPrivilege     SeRestorePrivilege     SeDebugPrivilege     SeAuditPrivilege     SeSystemEnvironmentPrivilege     SeImpersonatePrivilege  
Security	Audit Success	12290	2020-11-05 15:35:27		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: RSA   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Cryptographic Operation:   Operation: %%2480   Return Code: 0x0  
Security	Audit Success	12292	2020-11-05 15:35:27		Microsoft-Windows-Security-Auditing	5058: Key file operation.    Subject:   Security ID:  S-1-5-19   Account Name:  LOCAL SERVICE   Account Domain:  NT AUTHORITY   Logon ID:  0x3e5    Cryptographic Parameters:   Provider Name: Microsoft Software Key Storage Provider   Algorithm Name: %%2432   Key Name: 38d8ca50-6280-41e6-83ed-2dc3ed904b29   Key Type: %%2499    Key File Operation Information:   File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214c0f4ee3df86972f99e91643b5bca6_1344f069-8be5-40af-a4cc-5a6cdd48302e   Operation: %%2458   Return Code: 0x0  
System	Error	None	2020-10-29 17:26:14		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-10-29 18:58:11		EventLog	6008: The previous system shutdown at 18:15:02 ÷. on ?29.?10.?2020 ?ã. was unexpected.  
System	Error	None	2020-10-29 18:59:39		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-10-29 19:23:49		EventLog	6008: The previous system shutdown at 19:21:55 ÷. on ?29.?10.?2020 ?ã. was unexpected.  
System	Error	None	2020-10-29 19:51:53		EventLog	6008: The previous system shutdown at 19:24:34 ÷. on ?29.?10.?2020 ?ã. was unexpected.  
System	Error	None	2020-10-29 19:53:34		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Warning	None	2020-10-29 21:44:27	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-10-29 21:44:27	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-10-29 21:47:19		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-10-29 21:48:52		WMPNetworkSvc	14332: Óñëóãàòà "WMPNetworkSvc" íå å ñòàðòèðàíà ïðàâèëíî, ïîíåæå CoCreateInstance(CLSID_UPnPDeviceFinder) îòêðè ãðåøêà "0x80004005". Óâåðåòå ñå, ÷å ñå èçïúëíÿâà óñëóãàòà UPnPHost è ÷å êîìïîíåíòúò UPnPHost íà Windows å èíñòàëèðàí ïðàâèëíî.
System	Warning	None	2020-10-29 22:15:23	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-10-29 22:15:23	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-10-29 22:18:06		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-10-29 22:22:36	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-29 22:22:37	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Warning	None	2020-10-30 01:19:18	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-10-30 01:19:18	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-10-30 10:30:24		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-10-30 10:35:16	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 10:35:17	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-10-30 10:57:00	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 10:57:00	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-10-30 11:39:38	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 11:39:38	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-10-30 11:52:05		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Warning	None	2020-10-30 11:52:59	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-10-30 11:52:59	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-10-30 11:54:14		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-10-30 11:55:23		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-10-30 12:01:44	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 12:01:45	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-10-30 12:06:56		Service Control Manager	7009: Èçòåêúë ïåðèîä íà èç÷àêâàíå (30000 ìèëèñåêóíäè) ïðè èç÷àêâàíå íà óñëóãà Steam Client Service äà ñå ñâúðæå.  
System	Error	None	2020-10-30 12:06:56		Service Control Manager	7000: Óñëóãà Steam Client Service íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%1053  
System	Error	None	2020-10-30 12:11:50	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 12:11:50	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Warning	None	2020-10-30 12:38:59	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-10-30 12:38:59	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-10-30 12:40:10		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-10-30 12:42:02		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-10-30 12:46:15	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 12:46:17	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Warning	None	2020-10-30 13:06:46	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-10-30 13:06:46	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-10-30 13:07:49		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-10-30 13:09:01		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-10-30 13:09:57		WMPNetworkSvc	14332: Óñëóãàòà "WMPNetworkSvc" íå å ñòàðòèðàíà ïðàâèëíî, ïîíåæå CoCreateInstance(CLSID_UPnPDeviceFinder) îòêðè ãðåøêà "0x80004005". Óâåðåòå ñå, ÷å ñå èçïúëíÿâà óñëóãàòà UPnPHost è ÷å êîìïîíåíòúò UPnPHost íà Windows å èíñòàëèðàí ïðàâèëíî.
System	Error	None	2020-10-30 13:11:49	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 13:11:49	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-10-30 13:22:42	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 13:22:42	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-10-30 18:24:13	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 18:24:13	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-10-30 19:36:11		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Warning	None	2020-10-30 19:37:40	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-10-30 19:37:40	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-10-30 19:38:46		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-10-30 19:39:59		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-10-30 19:45:31	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 19:45:32	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-10-30 20:11:31	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-30 20:11:31	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Warning	None	2020-10-31 00:01:29	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-10-31 00:01:29	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-10-31 19:33:37		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-10-31 19:34:49		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-10-31 19:41:14	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-10-31 19:41:14	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Warning	None	2020-11-01 01:49:22	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-11-01 01:49:22	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-11-01 11:10:42		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-11-01 11:12:02		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-11-01 11:16:52	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-11-01 11:16:52	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-11-01 14:01:54		EventLog	6008: The previous system shutdown at 13:59:26 ÷. on ?1.?11.?2020 ?ã. was unexpected.  
System	Error	None	2020-11-01 14:01:58		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-11-01 14:03:26		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-11-01 14:50:56		EventLog	6008: The previous system shutdown at 14:49:44 ÷. on ?1.?11.?2020 ?ã. was unexpected.  
System	Error	None	2020-11-01 14:51:01		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-11-01 14:52:10		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-11-01 14:58:04	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-11-01 14:58:05	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-11-01 16:04:53		EventLog	6008: The previous system shutdown at 16:03:31 ÷. on ?1.?11.?2020 ?ã. was unexpected.  
System	Error	None	2020-11-01 16:04:58		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-11-01 16:06:20		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Warning	None	2020-11-01 23:43:53	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-11-01 23:43:53	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-11-02 08:37:41		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-11-02 08:38:51		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-11-02 08:43:49	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-11-02 08:43:50	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Warning	None	2020-11-03 00:24:08	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-11-03 00:24:08	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-11-03 19:38:02		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-11-03 19:39:28		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-11-03 19:44:09	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-11-03 19:44:10	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Warning	None	2020-11-03 21:30:58	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-11-03 21:30:58	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-11-04 16:32:05		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-11-04 16:33:19		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-11-04 16:38:04	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-11-04 16:38:05	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-11-04 17:01:32		EventLog	6008: The previous system shutdown at 16:38:33 ÷. on ?4.?11.?2020 ?ã. was unexpected.  
System	Error	None	2020-11-04 17:01:39		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-11-04 17:02:54		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-11-04 17:03:46		WMPNetworkSvc	14332: Óñëóãàòà "WMPNetworkSvc" íå å ñòàðòèðàíà ïðàâèëíî, ïîíåæå CoCreateInstance(CLSID_UPnPDeviceFinder) îòêðè ãðåøêà "0x80004005". Óâåðåòå ñå, ÷å ñå èçïúëíÿâà óñëóãàòà UPnPHost è ÷å êîìïîíåíòúò UPnPHost íà Windows å èíñòàëèðàí ïðàâèëíî.
System	Error	None	2020-11-04 17:07:45	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-11-04 17:07:45	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Warning	None	2020-11-05 01:30:56	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	10002: WLAN Extensibility Module ñïðÿ.    Ïúò äî ìîäóëà: C:\Windows\system32\Rtlihvs.dll    
System	Warning	None	2020-11-05 01:30:56	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: Óñëóãàòà çà àâòîìàòè÷íî êîíôèãóðèðàíå íà áåçæè÷íàòà ìðåæà å óñïåøíî ñïðÿíà.    
System	Error	None	2020-11-05 10:09:26		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Error	None	2020-11-05 10:11:01		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-11-05 10:15:04	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-11-05 10:15:05	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-11-05 13:50:35		EventLog	6008: The previous system shutdown at 13:35:38 ÷. on ?5.?11.?2020 ?ã. was unexpected.  
System	Error	None	2020-11-05 13:50:39		Service Control Manager	7000: Óñëóãà ACP Kernel Service Driver íå ìîæå äà áúäå ñòàðòèðàíà ïîðàäè ñëåäíàòà ãðåøêà:   %%2  
System	Warning	None	2020-11-05 13:50:49	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name 0.pool.ntp.org timed out after none of the configured DNS servers responded.  
System	Warning	None	2020-11-05 13:51:03	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name 1.pool.ntp.org timed out after none of the configured DNS servers responded.  
System	Error	None	2020-11-05 13:52:00		Service Control Manager	7026: Íåóñïåøíî çàðåæäàíå íà ñëåäíèÿ äðàéâåð, êîéòî ñå àêòèâèðà ñ âêëþ÷âàíå íà êîìïþòúðà èëè ñòàðòèðàíå íà ñèñòåìàòà:   BTHidMgr  
System	Error	None	2020-11-05 13:56:53	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-11-05 13:56:54	SYSTEM	Schannel	36887: The following fatal alert was received: 40.  
System	Error	None	2020-11-05 14:07:20		DCOM	10010: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.
System	Error	None	2020-11-05 14:56:42	SYSTEM	Schannel	36887: The following fatal alert was received: 70.  
System	Error	None	2020-11-05 14:56:42	SYSTEM	Schannel	36887: The following fatal alert was received: 40.

Иначе това са параметрите на компютъра:


/* *************************************************** **************************************************** */

->
1.png
1.png (171.94 KiB) Преглеждано 2971 пъти
1.png
1.png (171.94 KiB) Преглеждано 2971 пъти

->
2.png
2.png (243.01 KiB) Преглеждано 2971 пъти
2.png
2.png (243.01 KiB) Преглеждано 2971 пъти

->
3.png
3.png (47.89 KiB) Преглеждано 2971 пъти
3.png
3.png (47.89 KiB) Преглеждано 2971 пъти

->
4.png
4.png (27.31 KiB) Преглеждано 2971 пъти
4.png
4.png (27.31 KiB) Преглеждано 2971 пъти

->
5.png
5.png (29.01 KiB) Преглеждано 2971 пъти
5.png
5.png (29.01 KiB) Преглеждано 2971 пъти

->
6.png
6.png (28.17 KiB) Преглеждано 2971 пъти
6.png
6.png (28.17 KiB) Преглеждано 2971 пъти


->
7.png
7.png (30.82 KiB) Преглеждано 2971 пъти
7.png
7.png (30.82 KiB) Преглеждано 2971 пъти

->
8.png
8.png (33.7 KiB) Преглеждано 2971 пъти
8.png
8.png (33.7 KiB) Преглеждано 2971 пъти

->
9.png
9.png (26.07 KiB) Преглеждано 2971 пъти
9.png
9.png (26.07 KiB) Преглеждано 2971 пъти

->
10.png
10.png (37.86 KiB) Преглеждано 2971 пъти
10.png
10.png (37.86 KiB) Преглеждано 2971 пъти

/* *************************************************** **************************************************** */

-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[1].png
[1].png (176.83 KiB) Преглеждано 2971 пъти
[1].png
[1].png (176.83 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[2].png
[2].png (167.92 KiB) Преглеждано 2971 пъти
[2].png
[2].png (167.92 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[3].png
[3].png (97.58 KiB) Преглеждано 2971 пъти
[3].png
[3].png (97.58 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[4].png
[4].png (105.36 KiB) Преглеждано 2971 пъти
[4].png
[4].png (105.36 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[5].png
[5].png (150.29 KiB) Преглеждано 2971 пъти
[5].png
[5].png (150.29 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[6].png
[6].png (86.42 KiB) Преглеждано 2971 пъти
[6].png
[6].png (86.42 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[7].png
[7].png (174.43 KiB) Преглеждано 2971 пъти
[7].png
[7].png (174.43 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[8].png
[8].png (174.11 KiB) Преглеждано 2971 пъти
[8].png
[8].png (174.11 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[9].png
[9].png (117.2 KiB) Преглеждано 2971 пъти
[9].png
[9].png (117.2 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[10].png
[10].png (152.88 KiB) Преглеждано 2971 пъти
[10].png
[10].png (152.88 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[11].png
[11].png (143.94 KiB) Преглеждано 2971 пъти
[11].png
[11].png (143.94 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[12].png
[12].png (115.02 KiB) Преглеждано 2971 пъти
[12].png
[12].png (115.02 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[13].png
[13].png (142.38 KiB) Преглеждано 2971 пъти
[13].png
[13].png (142.38 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[14].png
[14].png (162.29 KiB) Преглеждано 2971 пъти
[14].png
[14].png (162.29 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[15].png
[15].png (42.96 KiB) Преглеждано 2971 пъти
[15].png
[15].png (42.96 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[16].png
[16].png (116.21 KiB) Преглеждано 2971 пъти
[16].png
[16].png (116.21 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[17].png
[17].png (175.15 KiB) Преглеждано 2971 пъти
[17].png
[17].png (175.15 KiB) Преглеждано 2971 пъти
-------------------------------------------------------------------------------------------------------------------------------------------------------------------->
[18].png
[18].png (89.41 KiB) Преглеждано 2971 пъти
[18].png
[18].png (89.41 KiB) Преглеждано 2971 пъти
/* *************************************************** **************************************************** */

Аватар
atmax
Извън линия
Потребител
Потребител
Мнения: 492
Регистриран на: 22 Мар 2018, 15:06
Се отблагодари: 37 пъти
Получена благодарност: 43 пъти

Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Мнение от atmax » 05 Ное 2020, 18:00

Да предположим, че си инсталирал драйвърите правилно.. Имам предвид, че първо трябва да ги изчистиш има една такава програма DisplayDriver Uninstaller или накратко DDU. След почистването ще се рестартира и тогава инсталирай новите драйвъри. Този проблем може да идва и от някой проблемен Software, ако е така ще трябва доста да си поиграеш.. Натискаш windows копчето + R, ще се отвори прозореца "Run", там пишеш msconfig. От там избираш Services и долу слагаш тикче на "Hide all Microsoft services", после натискаш Disable all и рестартираш, ако проблема е решен, това означава, че виновника се крие някъде там.. Тука идва и гадната част, трябва да повториш същите стъпки, но тоя път да си играеш да ги спираш 1 по 1 докато откриеш виновния Software..
Забравих да добавя, че понякога проблема идва и от антивирусната, преди да опиташ всичко това написано горе, пробвай първо това. Изключи си антивирусната, ако проблема не продължава ще трябва да я дейнсталираш.
Rest in peace my friend I always will remember you! 🖤👊

Аватар
impossible
Извън линия
Потребител
Потребител
Мнения: 488
Регистриран на: 15 Юни 2019, 12:41
Се отблагодари: 23 пъти
Получена благодарност: 47 пъти

Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Мнение от impossible » 05 Ное 2020, 20:23

Мисля, че една преинсталация ще свърши работа този компютър от както съществува не е бил преинсталиран имам доста файлове и папки даже съм забравил какво съм слагал в всяка една папка всичко ми изглежда доста нахвърляно и неподредено.

Аватар
illusion
Извън линия
Developer
Developer
Мнения: 1796
Регистриран на: 27 Ное 2016, 17:47
Местоположение: CraftVision
Се отблагодари: 151 пъти
Получена благодарност: 358 пъти
Обратна връзка:

Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Мнение от illusion » 05 Ное 2020, 20:38

Като искаш да минаваш на 10-ка, давай. Дал съм ти линкче отгоре. Инсталацията е супер лесна, все едно инсталираш игра.

Но не е сигурно, че ще ти върви без забивания.

Аватар
impossible
Извън линия
Потребител
Потребител
Мнения: 488
Регистриран на: 15 Юни 2019, 12:41
Се отблагодари: 23 пъти
Получена благодарност: 47 пъти

Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Мнение от impossible » 05 Ное 2020, 20:44

memberlist.php?mode=viewprofile&u=237 - Тествано ли е не мога да видя информация директно сваля в Замунда има доста различни версии с подробно описание дали няма да е по-добре от там ?

Аватар
Goddness
Извън линия
Потребител
Потребител
Мнения: 1812
Регистриран на: 20 Май 2017, 11:47
Местоположение: Някъде по света
Се отблагодари: 141 пъти
Получена благодарност: 187 пъти
Обратна връзка:

Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Мнение от Goddness » 05 Ное 2020, 20:47

Най-качествения Windows e купеният.

Аватар
impossible
Извън линия
Потребител
Потребител
Мнения: 488
Регистриран на: 15 Юни 2019, 12:41
Се отблагодари: 23 пъти
Получена благодарност: 47 пъти

Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Мнение от impossible » 05 Ное 2020, 20:51

Свалих тази програма https://www.nirsoft.net/utils/blue_screen_view.html
dump.png
dump.png (511.58 KiB) Преглеждано 2892 пъти
dump.png
dump.png (511.58 KiB) Преглеждано 2892 пъти
Последно промяна от impossible на 05 Ное 2020, 21:19, променено общо 1 път.

Аватар
illusion
Извън линия
Developer
Developer
Мнения: 1796
Регистриран на: 27 Ное 2016, 17:47
Местоположение: CraftVision
Се отблагодари: 151 пъти
Получена благодарност: 358 пъти
Обратна връзка:

Препоръчайте ми читав Windows 10 без бъгове и максимално оптимизиран добре работещ

Мнение от illusion » 05 Ное 2020, 21:13

Давам ти линк от сайта на Microsoft, които са създали Windows? Мислиш ли, че zamunda ти е по-надеждна?

Публикувай отговор
  • Подобни теми
    Отговори
    Преглеждания
     Последно мнение

Обратно към “Помощ и въпроси / Поддръжка”

Кой е на линия

Потребители разглеждащи този форум: 0 регистрирани и 4 госта