Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
DPAPI created Master key.
GUID: {5F055B8E-D9FD-4776-B4BE-DEE843D895FE}
User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\User\
| 1 | 0 | | 4 | 2 | 0 | -9223372036854775806 | 8 | Microsoft-Windows-Crypto-DPAPI | 89fe8f40-cdce-464e-8217-15ef97d4c7c3 | Microsoft-Windows-Crypto-DPAPI/Operational | 828 | 912 | WIN-5T344G8GM1H | S-1-5-18 | 6/23/2021 6:02:38 PM | d7a2ffcc-6859-0005-d0ff-a2d75968d701 | | microsoft-windows-crypto-dpapi/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Master Key Operation | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
DPAPI created Master key.
GUID: {97045E07-AE3F-48C1-AD5D-20BDD34B4638}
User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\
| 1 | 0 | | 4 | 2 | 0 | -9223372036854775806 | 7 | Microsoft-Windows-Crypto-DPAPI | 89fe8f40-cdce-464e-8217-15ef97d4c7c3 | Microsoft-Windows-Crypto-DPAPI/Operational | 828 | 912 | WIN-5T344G8GM1H | S-1-5-18 | 6/23/2021 6:02:38 PM | d7a2ffcc-6859-0005-d0ff-a2d75968d701 | | microsoft-windows-crypto-dpapi/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Master Key Operation | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
DPAPI created Master key.
GUID: {C0BA7979-3F77-482C-8A77-B5399F24ED29}
User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\
| 1 | 0 | | 4 | 2 | 0 | -9223372036854775806 | 6 | Microsoft-Windows-Crypto-DPAPI | 89fe8f40-cdce-464e-8217-15ef97d4c7c3 | Microsoft-Windows-Crypto-DPAPI/Operational | 828 | 916 | WIN-5T344G8GM1H | S-1-5-18 | 6/23/2021 6:02:16 PM | d7a2ffcc-6859-0005-d0ff-a2d75968d701 | | microsoft-windows-crypto-dpapi/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Master Key Operation | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
DPAPI created Master key.
GUID: {C7198921-60F0-4D6D-9A49-A14367A7A880}
User Storage Area: C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-416071247-492812682-1642729393-500\
| 1 | 0 | | 4 | 2 | 0 | -9223372036854775806 | 5 | Microsoft-Windows-Crypto-DPAPI | 89fe8f40-cdce-464e-8217-15ef97d4c7c3 | Microsoft-Windows-Crypto-DPAPI/Operational | 640 | 680 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:22 PM | a4626349-8ea8-0000-df63-62a4a88ed301 | | microsoft-windows-crypto-dpapi/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Master Key Operation | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
DPAPI created Master key.
GUID: {D3ECD52C-2D44-4F3C-8C05-9CCDC4E9B585}
User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\User\
| 1 | 0 | | 4 | 2 | 0 | -9223372036854775806 | 4 | Microsoft-Windows-Crypto-DPAPI | 89fe8f40-cdce-464e-8217-15ef97d4c7c3 | Microsoft-Windows-Crypto-DPAPI/Operational | 656 | 744 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:29 PM | 60e27e42-8f3f-0003-7a7e-e2603f8fd301 | | microsoft-windows-crypto-dpapi/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Master Key Operation | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
DPAPI created Master key.
GUID: {1D7DC317-5487-4EE6-8BF8-0102D0030E5B}
User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\
| 1 | 0 | | 4 | 2 | 0 | -9223372036854775806 | 3 | Microsoft-Windows-Crypto-DPAPI | 89fe8f40-cdce-464e-8217-15ef97d4c7c3 | Microsoft-Windows-Crypto-DPAPI/Operational | 656 | 744 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:29 PM | 60e27e42-8f3f-0003-7a7e-e2603f8fd301 | | microsoft-windows-crypto-dpapi/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Master Key Operation | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
DPAPI created Master key.
GUID: {CB844988-F947-47BF-A007-354E50218147}
User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\
| 1 | 0 | | 4 | 2 | 0 | -9223372036854775806 | 2 | Microsoft-Windows-Crypto-DPAPI | 89fe8f40-cdce-464e-8217-15ef97d4c7c3 | Microsoft-Windows-Crypto-DPAPI/Operational | 656 | 748 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/17/2018 3:01:05 AM | 60e27e42-8f3f-0003-7a7e-e2603f8fd301 | | microsoft-windows-crypto-dpapi/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Master Key Operation | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
DPAPI created Master key.
GUID: {1F2DBBD5-4949-4E62-8FD1-B624A8CE2C1B}
User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\User\
| 1 | 0 | | 4 | 2 | 0 | -9223372036854775806 | 1 | Microsoft-Windows-Crypto-DPAPI | 89fe8f40-cdce-464e-8217-15ef97d4c7c3 | Microsoft-Windows-Crypto-DPAPI/Operational | 656 | 716 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/17/2018 3:01:05 AM | | | microsoft-windows-crypto-dpapi/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Master Key Operation | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |