Message	Id	Level	Task	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
DPAPI created Master key. GUID: {A893AC4B-0A31-4033-8A14-1FC9BD2528EE} User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\User\	1	4	2	-9223372036854775806	8	Microsoft-Windows-Crypto-DPAPI	89fe8f40-cdce-464e-8217-15ef97d4c7c3	Microsoft-Windows-Crypto-DPAPI/Operational	824	868	WIN-5T344G8GM1H	S-1-5-18	4/28/2022 9:44:37 PM	0568dac3-5b49-0005-c8da-6805495bd801	microsoft-windows-crypto-dpapi/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Master Key Operation	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
DPAPI created Master key. GUID: {1F01CF41-787B-4FD4-B215-905D18898E04} User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\	1	4	2	-9223372036854775806	7	Microsoft-Windows-Crypto-DPAPI	89fe8f40-cdce-464e-8217-15ef97d4c7c3	Microsoft-Windows-Crypto-DPAPI/Operational	824	868	WIN-5T344G8GM1H	S-1-5-18	4/28/2022 9:44:37 PM	0568dac3-5b49-0005-c8da-6805495bd801	microsoft-windows-crypto-dpapi/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Master Key Operation	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
DPAPI created Master key. GUID: {E3662185-AD1D-4062-87B8-DD47CA0E1914} User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\	1	4	2	-9223372036854775806	6	Microsoft-Windows-Crypto-DPAPI	89fe8f40-cdce-464e-8217-15ef97d4c7c3	Microsoft-Windows-Crypto-DPAPI/Operational	824	912	WIN-5T344G8GM1H	S-1-5-18	4/28/2022 9:44:03 PM	0568dac3-5b49-0005-c8da-6805495bd801	microsoft-windows-crypto-dpapi/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Master Key Operation	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
DPAPI created Master key. GUID: {C7198921-60F0-4D6D-9A49-A14367A7A880} User Storage Area: C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-416071247-492812682-1642729393-500\	1	4	2	-9223372036854775806	5	Microsoft-Windows-Crypto-DPAPI	89fe8f40-cdce-464e-8217-15ef97d4c7c3	Microsoft-Windows-Crypto-DPAPI/Operational	640	680	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:22 PM	a4626349-8ea8-0000-df63-62a4a88ed301	microsoft-windows-crypto-dpapi/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Master Key Operation	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
DPAPI created Master key. GUID: {D3ECD52C-2D44-4F3C-8C05-9CCDC4E9B585} User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\User\	1	4	2	-9223372036854775806	4	Microsoft-Windows-Crypto-DPAPI	89fe8f40-cdce-464e-8217-15ef97d4c7c3	Microsoft-Windows-Crypto-DPAPI/Operational	656	744	WIN-PD8DQPRRTAO	S-1-5-18	1/16/2018 5:01:29 PM	60e27e42-8f3f-0003-7a7e-e2603f8fd301	microsoft-windows-crypto-dpapi/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Master Key Operation	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
DPAPI created Master key. GUID: {1D7DC317-5487-4EE6-8BF8-0102D0030E5B} User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\	1	4	2	-9223372036854775806	3	Microsoft-Windows-Crypto-DPAPI	89fe8f40-cdce-464e-8217-15ef97d4c7c3	Microsoft-Windows-Crypto-DPAPI/Operational	656	744	WIN-PD8DQPRRTAO	S-1-5-18	1/16/2018 5:01:29 PM	60e27e42-8f3f-0003-7a7e-e2603f8fd301	microsoft-windows-crypto-dpapi/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Master Key Operation	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
DPAPI created Master key. GUID: {CB844988-F947-47BF-A007-354E50218147} User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\	1	4	2	-9223372036854775806	2	Microsoft-Windows-Crypto-DPAPI	89fe8f40-cdce-464e-8217-15ef97d4c7c3	Microsoft-Windows-Crypto-DPAPI/Operational	656	748	WIN-PD8DQPRRTAO	S-1-5-18	1/17/2018 3:01:05 AM	60e27e42-8f3f-0003-7a7e-e2603f8fd301	microsoft-windows-crypto-dpapi/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Master Key Operation	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
DPAPI created Master key. GUID: {1F2DBBD5-4949-4E62-8FD1-B624A8CE2C1B} User Storage Area: C:\windows\system32\Microsoft\Protect\S-1-5-18\User\	1	4	2	-9223372036854775806	1	Microsoft-Windows-Crypto-DPAPI	89fe8f40-cdce-464e-8217-15ef97d4c7c3	Microsoft-Windows-Crypto-DPAPI/Operational	656	716	WIN-PD8DQPRRTAO	S-1-5-18	1/17/2018 3:01:05 AM		microsoft-windows-crypto-dpapi/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info	Master Key Operation	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]