| | Log Name | Event Type | Category | Generated On | User | Source | Description
|
| | Application | Warning | 1 | 2020-11-30 10:03:10 | | ESENT | 642: Catalog Database (4160,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-30 10:03:10 | | ESENT | 642: Catalog Database (4160,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-30 10:03:47 | | ESENT | 642: Catalog Database (4160,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-30 10:03:47 | | ESENT | 642: Catalog Database (4160,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-12-03 03:15:18 | | ESENT | 642: Catalog Database (3716,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-12-03 03:15:18 | | ESENT | 642: Catalog Database (3716,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-12-03 10:16:09 | | ESENT | 642: Catalog Database (3716,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-12-03 10:16:09 | | ESENT | 642: Catalog Database (3716,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-12-06 14:36:32 | | ESENT | 642: Catalog Database (4120,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-12-06 14:36:32 | | ESENT | 642: Catalog Database (4120,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-12-06 14:37:24 | | ESENT | 642: Catalog Database (4120,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-12-06 14:37:24 | | ESENT | 642: Catalog Database (4120,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:00 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x6c New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:00 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0x6c Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:00 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1a8 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-11-30 10:03:00 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:01 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1b8 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1a8 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:01 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1f4 New Process Name: ??????????????-??6??8????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1a8 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:05 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x22c New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1f4 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:06 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x27c New Process Name: ??????????????-??6??8????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1a8 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x284 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xddf0 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x284 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xde0e Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x143ee Linked Logon ID: 0x14411 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x14411 Linked Logon ID: 0x143ee Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x143ee Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x14411 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1f4 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x28c New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x27c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e4 New Process Name: ????????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x27c Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2f8 New Process Name: ????????????????-??6??4????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x324 New Process Name: ??????????????e??? ????????? ???????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2020-11-30 10:03:07 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xdbfd
|
| | Security | Audit Success | 12292 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x6a0 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x1ef00 Linked Logon ID: 0x1f522 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x6a0 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. 
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x1f522 Linked Logon ID: 0x1ef00 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x6a0 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. 
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x1ef00 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Changed Attributes: SAM Account Name: - Display Name: Ð?ng Tru?ng User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xdbc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:08 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xdbc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1040 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:09 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1040 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-11-30 10:03:11 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-30 10:03:11 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Process Information: Process ID: 2708 Process Creation Time: 2020-11-30T03:03:08.4363641Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\thien\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-30 10:03:11 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Process Information: Process ID: 2708 Process Creation Time: 2020-11-30T03:03:08.4363641Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2020-11-30 10:03:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-30 10:03:12 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 1280 Process Creation Time: 2020-11-30T03:03:11.7143307Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-30 10:03:12 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 1280 Process Creation Time: 2020-11-30T03:03:11.7143307Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1c88 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:16 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1c88 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:28 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:29 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:34 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x28cc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:34 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x28cc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2630 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-30 10:03:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-30 10:03:46 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f522 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x6a0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x6a0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x6a0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x6a0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-30 10:03:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-504 Account Name: WDAGUtilityAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x6a0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-30 10:03:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-30 10:03:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2020-11-30 10:04:06 | | Microsoft-Windows-Security-Auditing | 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1bed07
|
| | Security | Audit Success | 13568 | 2020-11-30 10:04:06 | | Microsoft-Windows-Security-Auditing | 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2818 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1bed07
|
| | Security | Audit Success | 13824 | 2020-11-30 10:04:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:04:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:04:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:04:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:04:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:04:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-30 10:04:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 103 | 2020-11-30 10:04:23 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:00 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x6c New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:00 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0x6c Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:00 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1a8 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-12-03 03:15:00 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:01 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1b8 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1a8 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:01 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1f4 New Process Name: ??????????????-??6??8????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1a8 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:06 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x22c New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1f4 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x284 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xddef Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x284 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xddfc Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1440f Linked Logon ID: 0x14429 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x14429 Linked Logon ID: 0x1440f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1440f Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x14429 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x27c New Process Name: ??????????????-??6??8????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1a8 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1f4 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x28c New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x27c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e4 New Process Name: ????????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x27c Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2f8 New Process Name: ????????????????-??6??4????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x324 New Process Name: ??????????????e??? ????????? ???????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2020-12-03 03:15:08 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xdbf5
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x28d7b Linked Logon ID: 0x29050 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. 
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x29050 Linked Logon ID: 0x28d7b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. 
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x28d7b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Changed Attributes: SAM Account Name: - Display Name: Ð?ng Tru?ng User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xc8c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 03:15:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xc8c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-12-03 03:15:17 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xe84 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 03:15:17 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xe84 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 03:15:17 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:18 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x41c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12290 | 2020-12-03 03:15:21 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-12-03 03:15:21 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:21 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Process Information: Process ID: 4816 Process Creation Time: 2020-12-02T20:15:18.1803209Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\thien\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:21 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Process Information: Process ID: 4816 Process Creation Time: 2020-12-02T20:15:18.1803209Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:21 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6244 Process Creation Time: 2020-12-02T20:15:21.2040719Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:21 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6244 Process Creation Time: 2020-12-02T20:15:21.2040719Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B768AE95-FB17-4D45-ADF8-82A0DEADAF8B} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3544 Process Creation Time: 2020-12-02T20:15:15.2773494Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B768AE95-FB17-4D45-ADF8-82A0DEADAF8B} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\79862f4ade0e085f2c41ac047f7615a6_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3544 Process Creation Time: 2020-12-02T20:15:15.2773494Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\7070171879dc654b2c2e7304735e69fd_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3544 Process Creation Time: 2020-12-02T20:15:15.2773494Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3544 Process Creation Time: 2020-12-02T20:15:15.2773494Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3544 Process Creation Time: 2020-12-02T20:15:15.2773494Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3544 Process Creation Time: 2020-12-02T20:15:15.2773494Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x697c4 Linked Logon ID: 0x69808 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x69808 Linked Logon ID: 0x697c4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x697c4 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:23 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Changed Attributes: SAM Account Name: - Display Name: Ð?ng Tru?ng User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x6c01f Linked Logon ID: 0x6c08c Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x6c08c Linked Logon ID: 0x6c01f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x69808 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x6c08c Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x697c4 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x6c01f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x6c01f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Changed Attributes: SAM Account Name: - Display Name: Ð?ng Tru?ng User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:25 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:25 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d18 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 03:15:26 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d18 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:45 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-12-03 03:15:50 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 03:15:50 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 03:15:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-03 03:15:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 03:15:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12288 | 2020-12-03 10:15:54 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x28d7b Process Information: Process ID: 0x2950 Name: C:\Windows\System32\SystemSettingsAdminFlows.exe Previous Time: 2020-12-02T20:15:58.6487733Z New Time: 2020-12-03T03:15:54.1770000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 12288 | 2020-12-03 10:15:54 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x28d7b Process Information: Process ID: 0x2950 Name: C:\Windows\System32\SystemSettingsAdminFlows.exe Previous Time: 2020-12-03T03:15:54.1772190Z New Time: 2020-12-03T03:15:54.1770000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 12544 | 2020-12-03 10:15:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 10:15:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:15:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 10:15:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:15:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:15:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2970 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2970 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2970 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2970 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2970 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2970 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2970 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2970 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 12290 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: c3ed34a176233497 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6244 Process Creation Time: 2020-12-02T20:15:21.2040719Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: c3ed34a176233497 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\38964205a452867f67e1822130c04bc3_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6244 Process Creation Time: 2020-12-02T20:15:21.2040719Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: c3ed34a176233497 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:06 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 12544 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x17bc Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-03 10:16:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2020-12-03 10:16:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:16:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-03 10:16:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:16:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-03 10:16:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:16:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-03 10:16:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:16:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2020-12-03 10:16:48 | | Microsoft-Windows-Security-Auditing | 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x270d9a
|
| | Security | Audit Success | 13568 | 2020-12-03 10:16:48 | | Microsoft-Windows-Security-Auditing | 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2d64 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x270d9a
|
| | Security | Audit Success | 13824 | 2020-12-03 10:16:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x27b8 Process Name: C:\Users\thien\AppData\Local\CocCoc\Browser\Application\browser.exe
|
| | Security | Audit Success | 12544 | 2020-12-03 10:17:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:17:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-03 10:17:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:17:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:17:51 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-12-03 10:18:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-03 10:18:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:18:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-03 10:18:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x70c Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2880 Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x12c8 Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x12c8 Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x12c8 Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x12c8 Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:18:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-504 Account Name: WDAGUtilityAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x12c8 Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe
|
| | Security | Audit Success | 12544 | 2020-12-03 10:19:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:19:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 10:19:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:19:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:19:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:19:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:19:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:19:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:19:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-03 10:19:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:19:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:20:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-12-03 10:20:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:20:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:21:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-03 10:23:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-03 10:23:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-03 10:23:49 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:24:20 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Additional Information: Caller Workstation: DANGTRUONG Target Account Name: Administrator Target Account Domain: DANGTRUONG
|
| | Security | Audit Success | 13824 | 2020-12-03 10:24:20 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Additional Information: Caller Workstation: DANGTRUONG Target Account Name: DefaultAccount Target Account Domain: DANGTRUONG
|
| | Security | Audit Success | 13824 | 2020-12-03 10:24:20 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Additional Information: Caller Workstation: DANGTRUONG Target Account Name: Guest Target Account Domain: DANGTRUONG
|
| | Security | Audit Success | 13824 | 2020-12-03 10:24:20 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 Additional Information: Caller Workstation: DANGTRUONG Target Account Name: WDAGUtilityAccount Target Account Domain: DANGTRUONG
|
| | Security | Audit Success | 13824 | 2020-12-03 10:24:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x17cc Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 12545 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x29050 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x2788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-12-03 10:25:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-504 Account Name: WDAGUtilityAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x670 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2020-12-03 10:25:01 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:16 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x6c New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:16 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0x6c Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:16 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1b4 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:16 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1c4 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1b4 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-12-06 14:36:16 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:18 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x204 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1b4 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:27 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x234 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x204 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-12-06 14:36:28 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:28 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1b4 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:28 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x28c New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x204 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:28 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x294 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:28 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2ec New Process Name: ????????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:28 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x300 New Process Name: ????????????????-??6??c????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x28c Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-12-06 14:36:28 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x32c New Process Name: ??????????????e??? ????????? ???????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x28c Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xde42 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xde2a Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x28c Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x14471 Linked Logon ID: 0x1448b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1448b Linked Logon ID: 0x14471 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ec Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x6c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x1ed9f Linked Logon ID: 0x1f4c9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x6c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. 
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x1f4c9 Linked Logon ID: 0x1ed9f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x6c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. 
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x14471 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1448b Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x1ed9f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xdc6a
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:29 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Changed Attributes: SAM Account Name: - Display Name: Ð?ng Tru?ng User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x5dc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xe20 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xe20 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1018 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1018 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-12-06 14:36:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-12-06 14:36:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:33 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Process Information: Process ID: 2692 Process Creation Time: 2020-12-06T07:36:30.2456422Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\thien\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:33 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Process Information: Process ID: 2692 Process Creation Time: 2020-12-06T07:36:30.2456422Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:33 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 5992 Process Creation Time: 2020-12-06T07:36:33.5467879Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:33 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 5992 Process Creation Time: 2020-12-06T07:36:33.5467879Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2020-12-06 14:36:36 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B768AE95-FB17-4D45-ADF8-82A0DEADAF8B} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:36 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3984 Process Creation Time: 2020-12-06T07:36:30.9895789Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {B768AE95-FB17-4D45-ADF8-82A0DEADAF8B} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\79862f4ade0e085f2c41ac047f7615a6_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3984 Process Creation Time: 2020-12-06T07:36:30.9895789Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\7070171879dc654b2c2e7304735e69fd_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3984 Process Creation Time: 2020-12-06T07:36:30.9895789Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3984 Process Creation Time: 2020-12-06T07:36:30.9895789Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3984 Process Creation Time: 2020-12-06T07:36:30.9895789Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3984 Process Creation Time: 2020-12-06T07:36:30.9895789Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CC95247F-2839-41ED-B2A0-83091D1EBF58} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x6c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x72196 Linked Logon ID: 0x721da Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x6c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x721da Linked Logon ID: 0x72196 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x6c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x74894 Linked Logon ID: 0x74d5b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x74d5b Linked Logon ID: 0x74894 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DANGTRUONG Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x74d5b Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x721da Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x74894 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x72196 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x72196 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thientruongkt@live.com Account Domain: MicrosoftAccount Logon ID: 0x74894 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Changed Attributes: SAM Account Name: - Display Name: Ð?ng Tru?ng User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:37 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Changed Attributes: SAM Account Name: - Display Name: Ð?ng Tru?ng User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1be8 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1be8 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x24d4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x24d4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:36:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:36:59 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:08 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:08 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 12544 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:14 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 12544 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2594 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:37:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: c3ed34a176233497 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 5992 Process Creation Time: 2020-12-06T07:36:33.5467879Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: c3ed34a176233497 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\38964205a452867f67e1822130c04bc3_31772d8b-3c27-4afb-bed2-57e2da2ee749 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 5992 Process Creation Time: 2020-12-06T07:36:33.5467879Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: c3ed34a176233497 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13568 | 2020-12-06 14:37:25 | | Microsoft-Windows-Security-Auditing | 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1b57bf
|
| | Security | Audit Success | 13568 | 2020-12-06 14:37:25 | | Microsoft-Windows-Security-Auditing | 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2af4 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1b57bf
|
| | Security | Audit Success | 12544 | 2020-12-06 14:37:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:37:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:37:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:37:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-06 14:37:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:37:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-12-06 14:37:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:38:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:38:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:38:20 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-12-06 14:38:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:38:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:38:34 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1f4c9 User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x1a5c Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:38:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x750 Process Name: C:\Windows\Temp\EDGEMITMP_03AD8.tmp\setup.exe
|
| | Security | Audit Success | 12544 | 2020-12-06 14:39:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:39:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-504 Account Name: WDAGUtilityAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-504 Account Name: WDAGUtilityAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-504 Account Name: WDAGUtilityAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-504 Account Name: WDAGUtilityAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-500 Account Name: Administrator Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-501 Account Name: Guest Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-503 Account Name: DefaultAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-504 Account Name: WDAGUtilityAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-504 Account Name: WDAGUtilityAccount Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f User: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-579 Group Name: Access Control Assistance Operators Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-583 Group Name: Device Owners Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-578 Group Name: Hyper-V Administrators Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-12-06 14:40:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-3019899740-3718880093-1614613469-1001 Account Name: thien Account Domain: DANGTRUONG Logon ID: 0x1ed9f Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x86c Process Name: C:\Users\thien\Desktop\Setup\AIDA64.v6.25.5400\aida64.exe
|
| | Security | Audit Success | 12544 | 2020-12-06 14:40:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:40:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-12-06 14:40:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DANGTRUONG$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-12-06 14:40:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | System | Error | None | 2020-11-30 10:03:00 | | volmgr | 46: Crash dump initialization failed!
|
| | System | Warning | None | 2020-11-30 10:03:06 | | BTHUSB | 34: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available.
|
| | System | Warning | None | 2020-11-30 10:03:08 | | e1dexpress | 27: Intel(R) Ethernet Connection (5) I219-LM Network link is disconnected.
|
| | System | Warning | None | 2020-11-30 10:03:11 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-30 10:03:11 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-30 10:03:11 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-30 10:03:11 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-30 10:03:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-11-30 10:03:36 | thien | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscCloudBackupProvider and APPID Unavailable to the user DANGTRUONG\thien SID (S-1-5-21-3019899740-3718880093-1614613469-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | 1 | 2020-11-30 10:04:06 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64 (KB4580419).
|
| | System | Warning | None | 2020-11-30 10:04:09 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Error | None | 2020-11-30 10:04:12 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:12 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:12 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:12 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:12 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:13 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}
|
| | System | Error | None | 2020-11-30 10:04:13 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:14 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:15 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:16 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:17 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:19 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:20 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:21 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:22 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Error | None | 2020-11-30 10:04:23 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
|
| | System | Warning | None | 2020-11-30 10:04:24 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll
|
| | System | Error | None | 2020-12-03 03:15:00 | | volmgr | 46: Crash dump initialization failed!
|
| | System | Warning | None | 2020-12-03 03:15:07 | | BTHUSB | 34: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available.
|
| | System | Warning | None | 2020-12-03 03:15:08 | | e1dexpress | 27: Intel(R) Ethernet Connection (5) I219-LM Network link is disconnected.
|
| | System | Warning | None | 2020-12-03 03:15:18 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 03:15:20 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 03:15:20 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 03:15:20 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 03:15:20 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 03:15:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 03:15:49 | thien | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscCloudBackupProvider and APPID Unavailable to the user DANGTRUONG\thien SID (S-1-5-21-3019899740-3718880093-1614613469-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 10:16:16 | thien | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DANGTRUONG\thien SID (S-1-5-21-3019899740-3718880093-1614613469-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 10:16:31 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:16:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:16:46 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Error | 1 | 2020-12-03 10:16:47 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-10 Security Update for Adobe Flash Player for Windows 10 Version 2004 for x64-based Systems (KB4580325).
|
| | System | Warning | None | 2020-12-03 10:16:52 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:14 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:22 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 10:17:22 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 10:17:22 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 10:17:27 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:29 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:34 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:35 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:35 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:36 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:37 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:40 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:40 | thien | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DANGTRUONG\thien SID (S-1-5-21-3019899740-3718880093-1614613469-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 10:17:42 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:44 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:17:51 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:00 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:04 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:05 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:09 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:13 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:25 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:25 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:26 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:29 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:45 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:45 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:18:45 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Error | 1 | 2020-12-03 10:18:51 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64 (KB4580419).
|
| | System | Error | 1 | 2020-12-03 10:19:04 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x800736b3: 2020-11 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB4586781).
|
| | System | Warning | None | 2020-12-03 10:19:11 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Error | 1 | 2020-12-03 10:19:31 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64 (KB4580419).
|
| | System | Warning | None | 2020-12-03 10:19:38 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:19:43 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Error | 1 | 2020-12-03 10:20:01 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64 (KB4580419).
|
| | System | Warning | None | 2020-12-03 10:20:03 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Error | 1 | 2020-12-03 10:20:16 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64 (KB4580419).
|
| | System | Warning | None | 2020-12-03 10:20:16 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:20:23 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Error | 1 | 2020-12-03 10:20:31 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64 (KB4580419).
|
| | System | Error | 1 | 2020-12-03 10:20:43 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64 (KB4580419).
|
| | System | Warning | None | 2020-12-03 10:21:18 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:23:00 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:23:25 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-03 10:23:27 | thien | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DANGTRUONG\thien SID (S-1-5-21-3019899740-3718880093-1614613469-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 10:23:47 | thien | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DANGTRUONG\thien SID (S-1-5-21-3019899740-3718880093-1614613469-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-03 10:25:02 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll
|
| | System | Error | None | 2020-12-06 14:36:16 | | volmgr | 46: Crash dump initialization failed!
|
| | System | Warning | None | 2020-12-06 14:36:27 | | BTHUSB | 34: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available.
|
| | System | Warning | None | 2020-12-06 14:36:30 | | e1dexpress | 27: Intel(R) Ethernet Connection (5) I219-LM Network link is disconnected.
|
| | System | Warning | None | 2020-12-06 14:36:33 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-06 14:36:33 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-06 14:36:33 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-06 14:36:33 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-06 14:36:43 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:36:55 | thien | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscCloudBackupProvider and APPID Unavailable to the user DANGTRUONG\thien SID (S-1-5-21-3019899740-3718880093-1614613469-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-06 14:37:14 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Error | 1 | 2020-12-06 14:37:28 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-10 Security Update for Adobe Flash Player for Windows 10 Version 2004 for x64-based Systems (KB4580325).
|
| | System | Warning | None | 2020-12-06 14:37:38 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:37:45 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:37:55 | thien | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DANGTRUONG\thien SID (S-1-5-21-3019899740-3718880093-1614613469-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-06 14:38:05 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:38:08 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:38:21 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:38:24 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:38:24 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:38:36 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-06 14:38:36 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-06 14:38:36 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-12-06 14:38:39 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:38:52 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:39:03 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:39:05 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:39:05 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:39:17 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:39:18 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Error | 1 | 2020-12-06 14:39:33 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64 (KB4580419).
|
| | System | Error | 1 | 2020-12-06 14:39:39 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x800736b3: 2020-11 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB4586781).
|
| | System | Warning | None | 2020-12-06 14:39:40 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Warning | None | 2020-12-06 14:39:40 | LOCAL SERVICE | Microsoft-Windows-WHEA-Logger | 17: A corrected hardware error has occurred. Component: Error Source: 4 Primary Bus:Device:Function: :: Secondary Bus:Device:Function: :: Primary Device Name:0x101 Secondary Device Name:0x10
|
| | System | Error | 1 | 2020-12-06 14:39:57 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64 (KB4580419).
|