ElfFilek %*eElfChnkW ] b v sh = Nw81_)MV :#JQO & +=**0 󖜂 %&%"N]z09CA7M Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/event`oTSystemA{ProviderF=KNameMicrosoft-Windows-Eventlog)Guid&{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}AMaEventID') Qualifiers "N Version wdLevelE{Task Opcode$jKeywordsAP; TimeCreated':j<{ SystemTime .hF EventRecordID A Correlation\F ActivityID5RelatedActivityIDAm) ExecutionHFN ProcessIDs9ThreadID 2aChannelSecurity8;nComputer WinDevEvalAB.Security8fLUserID $_5DUserData! ,!hN @󖜂  \^ \^@TkH؟A1ALogFileClearedj;http://manifests.microsoft.com/win/2004/08/windows/eventlog0 SubjectUserSid 2 ›SubjectUserName 6V ^SubjectDomainName 0 SubjectLogonId x\aeAdministratorWINDEVEVAL=0**  k hV h6aV`v8xAMsj5http://schemas.microsoft.com/win/2004/08/events/eventXAF=A  N  w   A : h AF A)FNs   WinDevEvalA 8 ! Fi!1 kVhWh( Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O ϲw`|XD'Ytv D EventDataAE NoData%=SubjectUserSid A5 '=SubjectUserName A9 +=SubjectDomainName A3 %=SubjectLogonId A1 #= TargetUserSid A3 %=TargetUserName A7 )=TargetDomainName A1 #= TargetLogonId A) = LogonType A7 )=LogonProcessName AI ;=AuthenticationPackageName A5 '=WorkstationName A) = LogonGuid A= /=TransmittedServices A1 #= LmPackageName A) = KeyLength A) = ProcessId A- = ProcessName A) = IpAddress A# =IpPort A; -=ImpersonationLevel A= /=RestrictedAdminMode AC 5=TargetOutboundUserName AG 9=TargetOutboundDomainName A3 %=VirtualAccount A= /=TargetLinkedLogonId A1 #= ElevatedToken   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842P **P k hV  F3!1@ kVhWh( Microsoft-Windows-Security-Auditing%TxTI>;( Security xUxUNOTAkA:.v A3 %=SubjectUserSid A5 '=SubjectUserName A9 +=SubjectDomainName A3 %=SubjectLogonId A1 #= PrivilegeList  SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege!P** 왜 hV  F!1 왜VhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842** 3왜 hV  F!1@ 3왜VhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege** v> hV  F!6u v>VhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security ?1#?1hT JGtKv A3 %=TargetUserName A7 )=TargetDomainName A) = TargetSid A3 %=SubjectUserSid A5 '=SubjectUserName A9 +=SubjectDomainName A3 %=SubjectLogonId AdministratorWINDEVEVALx\aex\aeAdministratorWINDEVEVAL** > hV  F!6 >VhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security Yn&Ynh^䧠Ծv A! =Dummy A3 %=TargetUserName A7 )=TargetDomainName A) = TargetSid A3 %=SubjectUserSid A5 '=SubjectUserName A9 +=SubjectDomainName A3 %=SubjectLogonId A1 #= PrivilegeList A3 %=SamAccountName A- = DisplayName A9 +=UserPrincipalName A1 #= HomeDirectory A' =HomePath A+ = ScriptPath A- = ProfilePath A7 )=UserWorkstations A5 '=PasswordLastSet A3 %=AccountExpires A3 %=PrimaryGroupId A= /=AllowedToDelegateTo A- = OldUacValue A- = NewUacValue A; -=UserAccountControl A3 %=UserParameters A+ = SidHistory A+ = LogonHours   -AdministratorWINDEVEVALx\aex\aeAdministratorWINDEVEVAL-------------0x2100x211 %%2080---** Z hV  F!1 ZVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842i** Z hV  F!1@ ZVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilegen** r hV  F!1 rVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842m** @r hV  F!1@ @rVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege** X& hV  F!6 X&VhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+=&w"BUPU:v A3 %=SubjectUserSid A5 '=SubjectUserName A9 +=SubjectDomainName A3 %=SubjectLogonId A+ = TargetName A =Type AK ==CountOfCredentialsReturned A1 #= ReadOperation A+ = ReturnCode A= /=ProcessCreationTime A5 '=ClientProcessId  RWINDEVEVAL$WORKGROUPWindowsLive:target=virtualapp/didlogical%%8100E4H ** t hV  F!1 tVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842%** ht hV  F!1@ htVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege** ȝ hV  F!6 ȝVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8100%E4H **H ,ɝ hV  F/!0 ,ɝVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ@ȫF^^j-rv A3 %=SubjectUserSid A5 '=SubjectUserName A9 +=SubjectDomainName A3 %=SubjectLogonId A5 '=ClientProcessId A; -=ClientCreationTime A/ != ProviderName A1 #= AlgorithmName A% =KeyName A% =KeyType A- = KeyFilePath A) = Operation A+ = ReturnCode  PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458H** [ɝ hV  F{!0 [ɝVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security YQY;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8099%E4H at** ʝ hV  F!6 ʝVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8100%E4H ** ]O˝ hV  F!6 ]O˝VhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= RWINDEVEVAL$WORKGROUPWindowsLive:target=virtualapp/didlogical%%8100%E4H ** G hV  F!6 GVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8100%E4H le**X  hV  F;!0 VhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458i X**P Q hV  F9!0 QVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security YQ PJWINDEVEVAL$WORKGROUPMicrosoft Software Key Storage ProviderRSAa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500%%2480iP**  hV  F!6 VhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8099%E4H il** @, hV  F!6 @,VhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8100%E4H EV** ; hV  F!6 ;VhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= RWINDEVEVAL$WORKGROUPWindowsLive:target=virtualapp/didlogical%%8100E4H NDEV**@! ? hV  F%!6 ?VhWh(X! Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= nx\aeAdministratorWINDEVEVAL2WindowsLive:(token):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H C:@**@" `? hV  F#!6 `?VhWh(X" Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= lx\aeAdministratorWINDEVEVAL2WindowsLive:(cert):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H VSSV@** # ? hV  F !6 ?VhWh(X# Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100E4H m ** $ :S hV  F!6 :SVhWh(X$ Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  **X% 5 hV  F;!0 5VhWh(X% Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458p OpX**P&  hV  F9!0 VhWh(X& Microsoft-Windows-Security-Auditing%TxTI>;( Security YQ PJWINDEVEVAL$WORKGROUPMicrosoft Software Key Storage ProviderRSAa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500%%2480P** ' XΝ hV  F!6 XΝVhWh(X' Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8099%E4H  ** (  hV  F!6 VhWh(X( Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H ows ** ) u hV  F !6 uVhWh(X) Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100E4H e ** *  hV  F !6 VhWh(X* Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100E4H **+ ֞ hV  F!6 ֞VhWh(|+ Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= 6x\aeAdministratorWINDEVEVAL2OneDrive Cached Credential%%8100%툨** , ۞ hV  F!6 ۞VhWh(|, Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H e1 **X- ܞ hV  F;!0 ܞVhWh(|- Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458persX**P. Mܞ hV  F9!0 MܞVhWh(|. Microsoft-Windows-Security-Auditing%TxTI>;( Security YQ PJWINDEVEVAL$WORKGROUPMicrosoft Software Key Storage ProviderRSAa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500%%2480:P** / ݞ hV  F!6 ݞVhWh(|/ Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8099%E4H SYS ** 0 ]ޞ hV  F!6 ]ޞVhWh(|0 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H y  ** 1 Yޞ hV  F !6 YޞVhWh(|1 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100%E4H m ** 2 2g hV  F!6 2gVhWh(|2 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  **@3 k hV  F%!6 kVhWh(|3 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= nx\aeAdministratorWINDEVEVAL2WindowsLive:(token):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H cro@**@4 (x hV  F#!6 (xVhWh(|4 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= lx\aeAdministratorWINDEVEVAL2WindowsLive:(cert):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H ge @** 5  hV  F!6 VhWh(|5 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H S **X6 l  hV  F;!0 l VhWh(|6 Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458istrX**P7 5  hV  F9!0 5 VhWh(|7 Microsoft-Windows-Security-Auditing%TxTI>;( Security YQ PJWINDEVEVAL$WORKGROUPMicrosoft Software Key Storage ProviderRSAa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500%%2480P** 8 ! hV  F!6 !VhWh(|8 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8099%E4H  ** 9 ! hV  F!6 !VhWh(|9 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H Co ** : ! hV  F !6 !VhWh(|: Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100E4H j ** ; tY hV  F!6 tYVhWh(|; Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H = **X< Z hV  F;!0 ZVhWh(|< Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458LX**P= +Z hV  F9!0 +ZVhWh(|= Microsoft-Windows-Security-Auditing%TxTI>;( Security YQ PJWINDEVEVAL$WORKGROUPMicrosoft Software Key Storage ProviderRSAa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500%%2480P** > Z hV  F!6 ZVhWh(|> Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8099%E4H ice ** ? zL[ hV  F!6 zL[VhWh(|? Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H ora ** @ Y[ hV  F !6 Y[VhWh(|@ Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100E4H  ** A c hV  F!6 cVhWh(|A Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H V **@B c hV  F%!6 cVhWh(|B Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= nx\aeAdministratorWINDEVEVAL2WindowsLive:(token):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H @**@C c hV  F#!6 cVhWh(|C Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= lx\aeAdministratorWINDEVEVAL2WindowsLive:(cert):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H ty @** D 8c hV  F!6 8cVhWh(XD Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  ** E c hV  F!6 cVhWh(|E Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02vqaiuqmqprjhcr%%8100%E4H ege **@F c hV  F%!6 cVhWh(XF Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= nx\aeAdministratorWINDEVEVAL2WindowsLive:(token):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H cro@**@G 6c hV  F#!6 6cVhWh(XG Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= lx\aeAdministratorWINDEVEVAL2WindowsLive:(cert):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H @** H Zz hV  F!6 ZzVhWh(H Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H Pri ** I ~  hV  F!6 ~ VhWh(I Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  ** J x hV  F!6 xVhWh(J Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H Sys ** K  hV  F!6 VhWh(K Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H e ** L 3 hV  F!6 3VhWh(L Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H Imp ** M T hV  F!6 TVhWh(M Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H THO ** N ̝ hV  F!6 ̝VhWh(XN Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  ** O  hV  F!6 VhWh(XO Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H ntP ** P  hV  F!6 VhWh(XP Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  ** Q W hV  F!6 WVhWh(XQ Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H M ** R 힟 hV  F!6 힟VhWh(XR Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H ** S 𞟜 hV  F!6 𞟜VhWh(XS Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H g% **T Ĵ hV  F!6 ĴVhWh(XT Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= "x\aeAdministratorWINDEVEVAL2MicrosoftOffice*%%8100%툨c**U  hV  F!1 VhWh(XU Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842E**V  hV  F!1@ VhWh(XV Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilegee**W Ϸ hV  F!1 ϷVhWh(W Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842E**X +Ϸ hV  F!1@ +ϷVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilegee**Y hq hV  F!1 hqVhWh(Y Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842E**Z q hV  F!1@ qVhWh(Z Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilegee**[ 7 hV  F!1 7VhWh([ Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842**\ H7 hV  F!1@ H7VhWh(\ Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege**]  hV  F!5+ VhWh] Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#V 6#́?[|ӊSQ~rv A3 %=SubjectUserSid A5 '=SubjectUserName A9 +=SubjectDomainName A3 %=SubjectLogonId A/ != ObjectServer A+ = ObjectType A+ = ObjectName A' =HandleId A! =OldSd A! =NewSd A) = ProcessId A- = ProcessName   h<WINDEVEVAL$WORKGROUPSecurityFileC:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-msS:ARAI(AU;SAFA;0x1f0116;;;WD)C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22000.702_none_04dc3df74c65e3e2\TiWorker.exe z WVh hV  Fit5+ ~)VhWh^ Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#ventlogElfChnkXd^ j +00&*Ydp=fq/?.MFJ/k,** ^ ~) h&h6aV`v8xAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel8F;nComputer WinDevEvalAB.SecurityfLUserID ! F!5+ ~)VhWh^ Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#̿&6#́?[|ӊSQD EventDataAEoData%=SubjectUserSid A5'=SubjectUserName A9+=SubjectDomainName A3%=SubjectLogonId A/!= ObjectServer A+= ObjectType A+= ObjectName A'=HandleId A!=OldSd A!=NewSd A)= ProcessId A-= ProcessName   J<WINDEVEVAL$WORKGROUPSecurityFileC:\Windows\WinSxS\FileMaps\$$.cdf-msS:ARAI(AU;SAFA;0x1f0116;;;WD)C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22000.702_none_04dc3df74c65e3e2\TiWorker.exe1 **x_  h& F_!5+ VhWhH_ Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#̿  ~<WINDEVEVAL$WORKGROUPSecurityFileC:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms$S:ARAI(AU;SAFA;0x1f0116;;;WD)C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22000.702_none_04dc3df74c65e3e2\TiWorker.exeacx**` Q h& Fo!5+ QVhWhH` Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#̿  <WINDEVEVAL$WORKGROUPSecurityFileC:\Windows\WinSxS\FileMaps\$$_system32_openssh_f142c5dc07dcf27a.cdf-msS:ARAI(AU;SAFA;0x1f0116;;;WD)C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22000.702_none_04dc3df74c65e3e2\TiWorker.exe**a ӯœ h& F!1' ӯœVhWh(xa Microsoft-Windows-Security-Auditing%TxTI>;( Security \\Q (?PKA1#= TargetUserSid A3%=TargetUserName A7)=TargetDomainName A1#= TargetLogonId x\aeAdministratorWINDEVEVAL2W**`b œ h& FG!6 œVhWh(b Microsoft-Windows-Security-Auditing%TxTI>;( Security 5}k5}>.R@Cϐ&A3%=TargetUserName A7)=TargetDomainName A)= TargetSid A3%=SubjectUserSid A5'=SubjectUserName A9+=SubjectDomainName A3%=SubjectLogonId A5'=CallerProcessId A9+=CallerProcessName   @AdministratorWINDEVEVALx\aeWINDEVEVAL$WORKGROUP C:\Windows\System32\svchost.exeeD`**(c )œ h& F !6 )œVhWh(c Microsoft-Windows-Security-Auditing%TxTI>;( Security 5}k  @DefaultAccountWINDEVEVALx\aeWINDEVEVAL$WORKGROUP C:\Windows\System32\svchost.exe(**d .œ h& F!6 .œVhWh(d Microsoft-Windows-Security-Auditing%TxTI>;( Security 5}k  @GuestWINDEVEVALx\aeWINDEVEVAL$WORKGROUP C:\Windows\System32\svchost.exe**0e œ h& F!6 œVhWh(e Microsoft-Windows-Security-Auditing%TxTI>;( Security 5}k & @WDAGUtilityAccountWINDEVEVALx\aeWINDEVEVAL$WORKGROUP C:\Windows\System32\svchost.exe 0**f @œ h& F!5+ @œVhWh f Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#̿  h<@WINDEVEVAL$WORKGROUPSecurityFileC:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-mstS:ARAI(AU;SAFA;0x1f0116;;;WD) C:\Windows\System32\poqexec.exeT**g bœ h& Fs!5+ bœVhWh g Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#̿  J<@WINDEVEVAL$WORKGROUPSecurityFileC:\Windows\WinSxS\FileMaps\$$.cdf-mstS:ARAI(AU;SAFA;0x1f0116;;;WD) C:\Windows\System32\poqexec.exesoft**h nœ h& F!5+ nœVhWhh Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#̿  ~<@WINDEVEVAL$WORKGROUPSecurityFileC:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-mstS:ARAI(AU;SAFA;0x1f0116;;;WD) C:\Windows\System32\poqexec.exe**i Pœ h& F!5+ PœVhWhi Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#̿  <@WINDEVEVAL$WORKGROUPSecurityFileC:\Windows\WinSxS\FileMaps\$$_system32_openssh_f142c5dc07dcf27a.cdf-msS:ARAI(AU;SAFA;0x1f0116;;;WD) C:\Windows\System32\poqexec.exe **Pj NĜ %,%"N]z09AMsj5http://schemas.microsoft.com/win/2004/08/events/eventAF=Microsoft-Windows-EventlogX&{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}Az      ? fA   AFFmAF SecurityF WinDevEvalA  $.m5DUserData! !gL @NĜxj  䦤J/䦤[W"l+Aq/'ServiceShutdownj;http://manifests.microsoft.com/win/2004/08/windows/eventlogSYSPMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842i** Z hV  F!1@ ZVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilegen** r hV  F!1 rVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842m** @r hV  F!1@ @rVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege** X& hV  F!6 X&VhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+=&w"BUPU:v A3 %=SubjectUserSid A5 '=SubjectUserName A9 +=SubjectDomainName A3 %=SubjectLogonId A+ = TargetName A =Type AK ==CountOfCredentialsReturned A1 #= ReadOperation A+ = ReturnCode A= /=ProcessCreationTime A5 '=ClientProcessId  RWINDEVEVAL$WORKGROUPWindowsLive:target=virtualapp/didlogical%%8100E4H ** t hV  F!1 tVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842%** ht hV  F!1@ htVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege** ȝ hV  F!6 ȝVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8100%E4H **H ,ɝ hV  F/!0 ,ɝVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ@ȫF^^j-rv A3 %=SubjectUserSid A5 '=SubjectUserName A9 +=SubjectDomainName A3 %=SubjectLogonId A5 '=ClientProcessId A; -=ClientCreationTime A/ != ProviderName A1 #= AlgorithmName A% =KeyName A% =KeyType A- = KeyFilePath A) = Operation A+ = ReturnCode  PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458H** [ɝ hV  F{!0 [ɝVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security YQY;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8099%E4H at** ʝ hV  F!6 ʝVhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8100%E4H ** ]O˝ hV  F!6 ]O˝VhWh(| Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= RWINDEVEVAL$WORKGROUPWindowsLive:target=virtualapp/didlogical%%8100%E4H ** G hV  F!6 GVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8100%E4H le**X  hV  F;!0 VhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458i X**P Q hV  F9!0 QVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security YQ PJWINDEVEVAL$WORKGROUPMicrosoft Software Key Storage ProviderRSAa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500%%2480iP**  hV  F!6 VhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8099%E4H il** @, hV  F!6 @,VhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= NWINDEVEVAL$WORKGROUPMicrosoftAccount:user=02tqpuvkqlxvitre%%8100%E4H EV** ; hV  F!6 ;VhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= RWINDEVEVAL$WORKGROUPWindowsLive:target=virtualapp/didlogical%%8100E4H NDEV**@! ? hV  F%!6 ?VhWh(X! Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= nx\aeAdministratorWINDEVEVAL2WindowsLive:(token):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H C:@**@" `? hV  F#!6 `?VhWh(X" Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= lx\aeAdministratorWINDEVEVAL2WindowsLive:(cert):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H VSSV@** # ? hV  F !6 ?VhWh(X# Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100E4H m ** $ :S hV  F!6 :SVhWh(X$ Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  **X% 5 hV  F;!0 5VhWh(X% Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458p OpX**P&  hV  F9!0 VhWh(X& Microsoft-Windows-Security-Auditing%TxTI>;( Security YQ PJWINDEVEVAL$WORKGROUPMicrosoft Software Key Storage ProviderRSAa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500%%2480P** ' XΝ hV  F!6 XΝVhWh(X' Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8099%E4H  ** (  hV  F!6 VhWh(X( Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H ows ** ) u hV  F !6 uVhWh(X) Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100E4H e ** *  hV  F !6 VhWh(X* Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100E4H **+ ֞ hV  F!6 ֞VhWh(|+ Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= 6x\aeAdministratorWINDEVEVAL2OneDrive Cached Credential%%8100%툨** , ۞ hV  F!6 ۞VhWh(|, Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H e1 **X- ܞ hV  F;!0 ܞVhWh(|- Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458persX**P. Mܞ hV  F9!0 MܞVhWh(|. Microsoft-Windows-Security-Auditing%TxTI>;( Security YQ PJWINDEVEVAL$WORKGROUPMicrosoft Software Key Storage ProviderRSAa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500%%2480:P** / ݞ hV  F!6 ݞVhWh(|/ Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8099%E4H SYS ** 0 ]ޞ hV  F!6 ]ޞVhWh(|0 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H y  ** 1 Yޞ hV  F !6 YޞVhWh(|1 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100%E4H m ** 2 2g hV  F!6 2gVhWh(|2 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  **@3 k hV  F%!6 kVhWh(|3 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= nx\aeAdministratorWINDEVEVAL2WindowsLive:(token):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H cro@**@4 (x hV  F#!6 (xVhWh(|4 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= lx\aeAdministratorWINDEVEVAL2WindowsLive:(cert):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H ge @** 5  hV  F!6 VhWh(|5 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H S **X6 l  hV  F;!0 l VhWh(|6 Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458istrX**P7 5  hV  F9!0 5 VhWh(|7 Microsoft-Windows-Security-Auditing%TxTI>;( Security YQ PJWINDEVEVAL$WORKGROUPMicrosoft Software Key Storage ProviderRSAa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500%%2480P** 8 ! hV  F!6 !VhWh(|8 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8099%E4H  ** 9 ! hV  F!6 !VhWh(|9 Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H Co ** : ! hV  F !6 !VhWh(|: Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100E4H j ** ; tY hV  F!6 tYVhWh(|; Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H = **X< Z hV  F;!0 ZVhWh(|< Microsoft-Windows-Security-Auditing%TxTI>;( Security @ȫFJ PJWINDEVEVAL$WORKGROUPH E4Microsoft Software Key Storage ProviderUNKNOWNa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500C:\ProgramData\Microsoft\Crypto\SystemKeys\79ab4562dc0b192b22d9235289fa6dce_7ef75ac9-b320-45ec-b973-147100168dc2%%2458LX**P= +Z hV  F9!0 +ZVhWh(|= Microsoft-Windows-Security-Auditing%TxTI>;( Security YQ PJWINDEVEVAL$WORKGROUPMicrosoft Software Key Storage ProviderRSAa306ff7b-acac-fa40-54d8-6a4bb41329c1%%2500%%2480P** > Z hV  F!6 ZVhWh(|> Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8099%E4H ice ** ? zL[ hV  F!6 zL[VhWh(|? Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H ora ** @ Y[ hV  F !6 Y[VhWh(|@ Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Rx\aeAdministratorWINDEVEVAL2WindowsLive:target=virtualapp/didlogical%%8100E4H  ** A c hV  F!6 cVhWh(|A Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H V **@B c hV  F%!6 cVhWh(|B Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= nx\aeAdministratorWINDEVEVAL2WindowsLive:(token):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H @**@C c hV  F#!6 cVhWh(|C Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= lx\aeAdministratorWINDEVEVAL2WindowsLive:(cert):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H ty @** D 8c hV  F!6 8cVhWh(XD Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  ** E c hV  F!6 cVhWh(|E Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02vqaiuqmqprjhcr%%8100%E4H ege **@F c hV  F%!6 cVhWh(XF Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= nx\aeAdministratorWINDEVEVAL2WindowsLive:(token):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H cro@**@G 6c hV  F#!6 6cVhWh(XG Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= lx\aeAdministratorWINDEVEVAL2WindowsLive:(cert):name=02jybkxsegaehqky;serviceuri=*%%8100%E4H @** H Zz hV  F!6 ZzVhWh(H Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H Pri ** I ~  hV  F!6 ~ VhWh(I Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  ** J x hV  F!6 xVhWh(J Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H Sys ** K  hV  F!6 VhWh(K Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H e ** L 3 hV  F!6 3VhWh(L Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H Imp ** M T hV  F!6 TVhWh(M Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H THO ** N ̝ hV  F!6 ̝VhWh(XN Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  ** O  hV  F!6 VhWh(XO Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H ntP ** P  hV  F!6 VhWh(XP Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H  ** Q W hV  F!6 WVhWh(XQ Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H M ** R 힟 hV  F!6 힟VhWh(XR Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H ** S 𞟜 hV  F!6 𞟜VhWh(XS Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= Nx\aeAdministratorWINDEVEVAL2MicrosoftAccount:user=02jybkxsegaehqky%%8100%E4H g% **T Ĵ hV  F!6 ĴVhWh(XT Microsoft-Windows-Security-Auditing%TxTI>;( Security w"B+= "x\aeAdministratorWINDEVEVAL2MicrosoftOffice*%%8100%툨c**U  hV  F!1 VhWh(XU Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842E**V  hV  F!1@ VhWh(XV Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilegee**W Ϸ hV  F!1 ϷVhWh(W Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842E**X +Ϸ hV  F!1@ +ϷVhWh(X Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilegee**Y hq hV  F!1 hqVhWh(Y Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842E**Z q hV  F!1@ qVhWh(Z Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilegee**[ 7 hV  F!1 7VhWh([ Microsoft-Windows-Security-Auditing%TxTI>;( Security ϲw`O   BWINDEVEVAL$WORKGROUPSYSTEMNT AUTHORITYAdvapi Negotiate---C:\Windows\System32\services.exe--%%1833---%%1843%%1842**\ H7 hV  F!1@ H7VhWh(\ Microsoft-Windows-Security-Auditing%TxTI>;( Security xU SYSTEMNT AUTHORITYSeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege**]  hV  F!5+ VhWh] Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#V 6#́?[|ӊSQ~rv A3 %=SubjectUserSid A5 '=SubjectUserName A9 +=SubjectDomainName A3 %=SubjectLogonId A/ != ObjectServer A+ = ObjectType A+ = ObjectName A' =HandleId A! =OldSd A! =NewSd A) = ProcessId A- = ProcessName   h<WINDEVEVAL$WORKGROUPSecurityFileC:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-msS:ARAI(AU;SAFA;0x1f0116;;;WD)C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22000.702_none_04dc3df74c65e3e2\TiWorker.exe z WVh hV  Fit5+ ~)VhWh^ Microsoft-Windows-Security-Auditing%TxTI>;( Security 6#ventlog