﻿info.txt logfile of random's system information tool 1.10 2019-12-23 22:56:39

======MBR======

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A00000000000000000200EEFEBF0001000000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA

======Uninstall list======

@BIOS-->"C:\Program Files (x86)\InstallShield Installation Information\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}\setup.exe" -runfromtemp -l0x0409  -removeonly
@BIOS-->MsiExec.exe /I{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}
ADATA SSD ToolBox version 3.0.4-->"C:\Program Files (x86)\ADATA\SSD ToolBox\unins000.exe"
AIMP-->C:\Program Files (x86)\AIMP\Uninstall.exe
AMD Ryzen Master-->MsiExec.exe /X{5A1CE077-7111-4C7D-A5C5-E210D4B68AD8}
AMD Software-->"C:\Program Files\AMD\CIM\BIN64\RadeonInstaller.exe" /EXPRESS_UNINSTALL /IGNORE_UPGRADE /ON_REBOOT_MESSAGE:NO
AORUS ENGINE-->"C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\unins000.exe"
APP Center-->"C:\Program Files (x86)\InstallShield Installation Information\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}\setup.exe" -runfromtemp -l0x0409  -uninst -removeonly
APP Center-->MsiExec.exe /I{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}
AutoGreen-->"C:\Program Files (x86)\InstallShield Installation Information\{CFB76B97-0C1C-4E1A-999A-DE62FA5FEB9A}\setup.exe" -runfromtemp -l0x0409  -removeonly
AutoGreen-->MsiExec.exe /I{CFB76B97-0C1C-4E1A-999A-DE62FA5FEB9A}
Backup and Sync from Google-->MsiExec.exe /X{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}
Balanced-->MsiExec.exe /X{EFD0705E-598B-46D4-8D5B-4539431764B8}
Battle.net-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=battle.net --displayname="Battle.net"
BUSB-->MsiExec.exe /X{0AADC50C-C4F8-49A7-8699-AFE46875CA67}
Counter-Strike 1.6-->D:\Program Files (x86)\Counter-Strike 1.6\Uninstal.exe
Counter-Strike: Global Offensive-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/730
CrystalDiskInfo 8.0.0-->"C:\Program Files (x86)\CrystalDiskInfo\unins000.exe"
Cuisine Royale-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/884660
Dungeon Defenders II-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/236110
Epic Games Launcher Prerequisites (x64)-->MsiExec.exe /X{66C5838F-B854-4A55-89E6-A6138747A4DF}
GigabyteFirmwareUpdateUtility-->"C:\Program Files (x86)\InstallShield Installation Information\{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}\setup.exe" -runfromtemp -l0x0409  -removeonly
GigabyteFirmwareUpdateUtility-->MsiExec.exe /I{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
GService-->MsiExec.exe /I{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}
Cheat Engine 6.8.3-->"C:\Program Files\Cheat Engine 6.8.3\unins000.exe"
Intel(R) Network Connections 21.1.29.0-->MsiExec.exe /i{1E5EDF73-13EC-4211-820D-1900B8BD7951} ARPREMOVE=1
Intel(R) Network Connections 21.1.29.0-->MsiExec.exe /i{1E5EDF73-13EC-4211-820D-1900B8BD7951} ARPREMOVE=1
Launcher Prerequisites (x64)-->"C:\ProgramData\Package Cache\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}\LauncherPrereqSetup_x64.exe"  /uninstall
Lightshot-5.4.0.35-->"C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe"
Logitech Gaming Software 9.02-->C:\Program Files\Logitech Gaming Software\uninstallhlpr.exe /bitness=x64 /silentmode=off /langid=ENU /downgrade=no /firstRun=yes
Metro Exodus Gold Edition MULTi9 - ElAmigos verze 1.0-->"D:\Hry\Metro Exodus\unins000.exe"
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030-->"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"  /uninstall
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030-->"C:\ProgramData\Package Cache\{d491dd9d-2eda-4d75-b504-1a201436e7fd}\vcredist_x64.exe"  /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"  /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{3994d355-238a-4612-af93-26d13deddef1}\vcredist_x86.exe"  /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe"  /uninstall
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649-->"C:\ProgramData\Package Cache\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\vcredist_x64.exe"  /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe"  /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649-->"C:\ProgramData\Package Cache\{35b83883-40fa-423c-ae73-2aff7e1ea820}\vcredist_x86.exe"  /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649-->MsiExec.exe /X{20C1086D-C843-36B1-B678-990089D1BD44}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649-->MsiExec.exe /X{ABB19BB4-838D-3082-BDA4-87C6604181A2}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40649-->MsiExec.exe /X{A8589745-51BC-3963-B4E9-201CF8693538}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40649-->MsiExec.exe /X{DEA7F8E3-B7B9-3C3C-945B-7F8CE9041748}
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821-->"C:\ProgramData\Package Cache\{6361b579-2795-4886-b2a8-53d5239b6452}\VC_redist.x64.exe"  /uninstall
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821-->"C:\ProgramData\Package Cache\{5bfc1380-fd35-4b85-9715-7351535d077e}\VC_redist.x86.exe"  /uninstall
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.22.27821-->MsiExec.exe /I{6E2C7A8E-B17A-4637-9CE9-F0B1157CF378}
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.22.27821-->MsiExec.exe /I{0093C20C-273D-4397-B623-515CB8616CB9}
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821-->MsiExec.exe /I{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821-->MsiExec.exe /I{1E6FC929-567E-4D22-9206-C5B83F0A21B9}
MSI Afterburner 4.6.1-->"C:\Program Files (x86)\MSI Afterburner\uninstall.exe"
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA GeForce Experience 3.20.1.57-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Grafický ovládač 441.66-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA Ovládač zvuku HD 1.3.38.21-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Softvér systému s podporou technológie PhysX 9.19.0218-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA USBC Driver 1.38.831.832-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage USBC
OEM Application Profile-->MsiExec.exe /X{7F5DCD33-1039-C3B2-9538-B645B65BBA63}
ON_OFF Charge 2 B15.0709.1-->"C:\Program Files (x86)\InstallShield Installation Information\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}\setup.exe" -runfromtemp -l0x0409  -removeonly
ON_OFF Charge 2 B15.0709.1-->MsiExec.exe /I{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}
qBittorrent 4.1.9.1-->"C:\Program Files\qBittorrent\uninst.exe"
Realtek High Definition Audio Driver-->"C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe" -r -m -nrg2709
RGB Fusion-->MsiExec.exe /I{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}
Rockstar Games Launcher-->"C:\Program Files\Rockstar Games\Launcher\uninstall.exe"
Rockstar Games Social Club-->C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
SIV-->"C:\Program Files (x86)\InstallShield Installation Information\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}\setup.exe" -runfromtemp -l0x0409  -removeonly
SIV-->MsiExec.exe /I{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}
Smart Backup (x64)-->"C:\Program Files (x86)\InstallShield Installation Information\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}\setup.exe" -runfromtemp -l0x0409  -removeonly
Smart Survey-->"C:\Program Files (x86)\InstallShield Installation Information\{EF7FC172-E7C8-447F-B9A7-0FFF20F2DC36}\setup.exe" -runfromtemp -l0x0409  -removeonly
Smart Survey-->MsiExec.exe /I{EF7FC172-E7C8-447F-B9A7-0FFF20F2DC36}
Smart TimeLock-->"C:\Program Files (x86)\InstallShield Installation Information\{5D93E30A-78A3-4890-962F-56B61A5873DD}\setup.exe" -runfromtemp -l0x0409  -removeonly
Smart TimeLock-->MsiExec.exe /I{5D93E30A-78A3-4890-962F-56B61A5873DD}
SmartKeyboard-->"C:\Program Files (x86)\InstallShield Installation Information\{75B74C36-A9C6-4912-B4BB-C461AA36D01E}\setup.exe" -runfromtemp -l0x0409  -removeonly
SmartKeyboard-->MsiExec.exe /I{75B74C36-A9C6-4912-B4BB-C461AA36D01E}
Steam-->C:\Program Files (x86)\Steam\uninstall.exe
The Sims 4-->"D:\Games\The Sims 4\unins000.exe"
Titan Quest Anniversary Edition Atlantis-->"D:\Games\Titan Quest Anniversary Edition Atlantis\unins000.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409  -removeonly
Update for Windows 10 for x64-based Systems (KB4023057)-->MsiExec.exe /X{16AD6161-2E47-4BF1-AA77-0946EFE93E08}
VLC media player-->"C:\Program Files\VideoLAN\VLC\uninstall.exe"
Warcraft III verze 1.22-->"d:\Program Files (x86)\Warcraft III\unins000.exe"
WinRAR 5.71 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft Classic-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=wow_classic --displayname="World of Warcraft Classic"
World of Warcraft-->"C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=wow_enus --displayname="World of Warcraft"

======System event log======

Computer Name: DESKTOP-FVLKRAU
Event Code: 10010
Message: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.
Record Number: 129
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20190825094527.199236-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: DESKTOP-FVLKRAU
Event Code: 7030
Message: Služba Rozšíření a oznámení tiskárny je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.
Record Number: 127
Source Name: Service Control Manager
Time Written: 20190825094509.946731-000
Event Type: Error
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 7023
Message: Služba Služba seznamu sítí bola ukončená s nasledujúcou chybou: 
The device is not ready.
Record Number: 59
Source Name: Service Control Manager
Time Written: 20190825094327.172723-000
Event Type: Error
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 7023
Message: Služba iphlpsvc bola ukončená s nasledujúcou chybou: 
The device is not ready.
Record Number: 51
Source Name: Service Control Manager
Time Written: 20190825094309.629354-000
Event Type: Error
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 7000
Message: Spustenie služby luafv zlyhalo kvôli nasledujúcej chybe: 
This driver has been blocked from loading
Record Number: 42
Source Name: Service Control Manager
Time Written: 20190825094308.676167-000
Event Type: Error
User: 

=====Application event log=====

Computer Name: DESKTOP-FVLKRAU
Event Code: 0
Message: Službu nelze spustit. Neplatný popisovač
Record Number: 49
Source Name: GbtCareBotService
Time Written: 20190825094837.476114-000
Event Type: Error
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 256
Message: Službe Cryptographic Services sa nepodarilo inicializovať databázu katalógu. Chyba: -2147418113 (0x8000ffff) : Katastrofální selhání
.
Record Number: 8
Source Name: Microsoft-Windows-CAPI2
Time Written: 20190825094324.853265-000
Event Type: Error
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 256
Message: Službe Cryptographic Services sa nepodarilo inicializovať databázu katalógu. Chyba: -2147418113 (0x8000ffff) : Katastrofální selhání
.
Record Number: 7
Source Name: Microsoft-Windows-CAPI2
Time Written: 20190825094323.351097-000
Event Type: Error
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 256
Message: Službe Cryptographic Services sa nepodarilo inicializovať databázu katalógu. Chyba: -2147418113 (0x8000ffff) : Katastrofální selhání
.
Record Number: 6
Source Name: Microsoft-Windows-CAPI2
Time Written: 20190825094321.767478-000
Event Type: Error
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 256
Message: Službe Cryptographic Services sa nepodarilo inicializovať databázu katalógu. Chyba: -2147418113 (0x8000ffff) : Katastrofální selhání
.
Record Number: 5
Source Name: Microsoft-Windows-CAPI2
Time Written: 20190825094313.707763-000
Event Type: Error
User: 

=====Security event log=====

Computer Name: DESKTOP-FVLKRAU
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
	Security ID:		S-1-5-18
	Account Name:		SYSTEM
	Account Domain:		NT AUTHORITY
	Logon ID:		0x3E7

Privileges:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
			SeDelegateSessionUserImpersonatePrivilege
Record Number: 282185
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20191209111901.818522-000
Event Type: Audit Success
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 4624
Message: An account was successfully logged on.

Subject:
	Security ID:		S-1-5-18
	Account Name:		DESKTOP-FVLKRAU$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Logon Information:
	Logon Type:		5
	Restricted Admin Mode:	-
	Virtual Account:		No
	Elevated Token:		Yes

Impersonation Level:		Impersonation

New Logon:
	Security ID:		S-1-5-18
	Account Name:		SYSTEM
	Account Domain:		NT AUTHORITY
	Logon ID:		0x3E7
	Linked Logon ID:		0x0
	Network Account Name:	-
	Network Account Domain:	-
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x340
	Process Name:		C:\Windows\System32\services.exe

Network Information:
	Workstation Name:	-
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	Negotiate
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 282184
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20191209111901.818513-000
Event Type: Audit Success
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
	Security ID:		S-1-5-18
	Account Name:		SYSTEM
	Account Domain:		NT AUTHORITY
	Logon ID:		0x3E7

Privileges:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
			SeDelegateSessionUserImpersonatePrivilege
Record Number: 282183
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20191209111901.542736-000
Event Type: Audit Success
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 4624
Message: An account was successfully logged on.

Subject:
	Security ID:		S-1-5-18
	Account Name:		DESKTOP-FVLKRAU$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Logon Information:
	Logon Type:		5
	Restricted Admin Mode:	-
	Virtual Account:		No
	Elevated Token:		Yes

Impersonation Level:		Impersonation

New Logon:
	Security ID:		S-1-5-18
	Account Name:		SYSTEM
	Account Domain:		NT AUTHORITY
	Logon ID:		0x3E7
	Linked Logon ID:		0x0
	Network Account Name:	-
	Network Account Domain:	-
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x340
	Process Name:		C:\Windows\System32\services.exe

Network Information:
	Workstation Name:	-
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	Negotiate
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 282182
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20191209111901.542729-000
Event Type: Audit Success
User: 

Computer Name: DESKTOP-FVLKRAU
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
	Security ID:		S-1-5-18
	Account Name:		SYSTEM
	Account Domain:		NT AUTHORITY
	Logon ID:		0x3E7

Privileges:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
			SeDelegateSessionUserImpersonatePrivilege
Record Number: 282181
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20191209111017.184242-000
Event Type: Audit Success
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NGX;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
"PSModulePath"=%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files\Intel\
"AMDRMPATH"=C:\Program Files\AMD\RyzenMaster\
"NUMBER_OF_PROCESSORS"=16
"PROCESSOR_LEVEL"=23
"PROCESSOR_IDENTIFIER"=AMD64 Family 23 Model 8 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0802

-----------------EOF-----------------
