Fields with the same value in every record:

| Field | Value |
|---|---|
| Version | 0 |
| Qualifiers | (empty) |
| Level | 4 |
| Task | 0 |
| Opcode | 0 |
| Keywords | 4611686018427387904 |
| ProviderName | Microsoft-Windows-User Profiles Service |
| ProviderId | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 |
| LogName | Microsoft-Windows-User Profile Service/Operational |
| ActivityId | (empty) |
| RelatedActivityId | (empty) |
| ContainerLog | microsoft-windows-user profile service/operational |
| MatchedQueryIds | System.UInt32[] |
| Bookmark | System.Diagnostics.Eventing.Reader.EventBookmark |
| LevelDisplayName | Information |
| OpcodeDisplayName | Info |
| TaskDisplayName | (empty) |
| KeywordsDisplayNames | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] |
| Properties | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |

| Message | Id | RecordId | ProcessId | ThreadId | MachineName | UserId | TimeCreated |
|---|---|---|---|---|---|---|---|
| Registry file C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1001_Classes. | 5 | 95 | 1520 | 2468 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 10:36:31 AM |
| Logon type: Regular Local profile location: C:\Users\Admin Profile type: Regular | 67 | 94 | 1520 | 2468 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 10:36:31 AM |
| Registry file C:\Users\Admin\ntuser.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1001. | 5 | 93 | 1520 | 2468 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 10:36:31 AM |
| Registry file C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1001_Classes. | 5 | 92 | 1520 | 2468 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 10:36:18 AM |
| Logon type: Regular Local profile location: C:\Users\Admin Profile type: Regular | 67 | 91 | 1520 | 2468 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 10:36:18 AM |
| Registry file C:\Users\Admin\ntuser.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1001. | 5 | 90 | 1520 | 2468 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 10:36:18 AM |
| Registry file C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1001_Classes. | 5 | 89 | 1520 | 2408 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 10:35:57 AM |
| Logon type: Regular Local profile location: C:\Users\Admin Profile type: Regular | 67 | 88 | 1520 | 2408 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 10:35:57 AM |
| Registry file C:\Users\Admin\ntuser.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1001. | 5 | 87 | 1520 | 2408 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 10:35:57 AM |
| Registry file C:\Users\administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-1147113420-1707444388-4210880831-500_Classes. | 5 | 86 | 1520 | 2140 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:28:16 AM |
| Logon type: Regular Local profile location: C:\Users\administrator Profile type: Regular | 67 | 85 | 1520 | 2140 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:28:14 AM |
| Registry file C:\Users\administrator\ntuser.dat is loaded at HKU\S-1-5-21-1147113420-1707444388-4210880831-500. | 5 | 84 | 1520 | 2140 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:28:14 AM |
| Disable background user hive upload task succeeded. | 59 | 83 | 1520 | 1548 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:28:05 AM |
| Disable background user hive upload task succeeded. | 59 | 82 | 1520 | 1548 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:27:55 AM |
| Disable background user hive upload task succeeded. | 59 | 81 | 1520 | 1548 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:27:25 AM |
| Disable background user hive upload task succeeded. | 59 | 80 | 1520 | 1548 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:27:24 AM |
| Registry file C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1001_Classes. | 5 | 79 | 1520 | 1896 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:27:23 AM |
| Logon type: Regular Local profile location: C:\Users\Admin Profile type: Regular | 67 | 78 | 1520 | 1896 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:27:23 AM |
| Registry file C:\Users\Admin\ntuser.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1001. | 5 | 77 | 1520 | 1896 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:27:23 AM |
| Registry file C:\Users\cloudbase-init\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1000_Classes. | 5 | 76 | 1520 | 2340 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:27:20 AM |
| Logon type: Regular Local profile location: C:\Users\cloudbase-init Profile type: Regular | 67 | 75 | 1520 | 2340 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:27:20 AM |
| Registry file C:\Users\cloudbase-init\ntuser.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1000. | 5 | 74 | 1520 | 2340 | n-h1-758944-4.cbci-758944-4.local | S-1-5-18 | 1/25/2021 8:27:20 AM |
| Registry file C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1001_Classes. | 5 | 73 | 612 | 2796 | n-h1-758944-4 | S-1-5-21-2878440354-3390199485-3815967834-1000 | 1/25/2021 7:37:21 AM |
| Logon type: Regular Local profile location: C:\Users\Admin Profile type: Regular | 67 | 72 | 612 | 2796 | n-h1-758944-4 | S-1-5-21-2878440354-3390199485-3815967834-1000 | 1/25/2021 7:37:20 AM |
| Registry file C:\Users\Admin\ntuser.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1001. | 5 | 71 | 612 | 2796 | n-h1-758944-4 | S-1-5-21-2878440354-3390199485-3815967834-1000 | 1/25/2021 7:37:20 AM |
| Disable background user hive upload task succeeded. | 59 | 70 | 612 | 1696 | n-h1-758944-4 | S-1-5-18 | 1/25/2021 7:36:46 AM |
| Registry file C:\Users\cloudbase-init\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1000_Classes. | 5 | 69 | 612 | 2624 | n-h1-758944-4 | S-1-5-18 | 1/25/2021 7:36:42 AM |
| Logon type: Regular Local profile location: C:\Users\cloudbase-init Profile type: Regular | 67 | 68 | 612 | 2624 | n-h1-758944-4 | S-1-5-18 | 1/25/2021 7:36:41 AM |
| Registry file C:\Users\cloudbase-init\ntuser.dat is loaded at HKU\S-1-5-21-2878440354-3390199485-3815967834-1000. | 5 | 67 | 612 | 2624 | n-h1-758944-4 | S-1-5-18 | 1/25/2021 7:36:41 AM |
| Finished processing user logoff notification on session 1. | 4 | 66 | 976 | 672 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:48:12 AM |
| Recieved user logoff notification on session 1. | 3 | 65 | 976 | 672 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:48:12 AM |
| Finished processing user logon notification on session 1. | 2 | 64 | 976 | 2072 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:32 AM |
| Disable background user hive upload task succeeded. | 59 | 63 | 976 | 1228 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM |
| Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes. | 5 | 62 | 976 | 2556 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM |
| Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular | 67 | 61 | 976 | 2556 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM |
| Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500. | 5 | 60 | 976 | 2556 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM |
| Recieved user logon notification on session 1. | 1 | 59 | 976 | 2072 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:31 AM |
| Finished processing user logoff notification on session 1. | 4 | 58 | 956 | 1504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:40:27 AM |
| Recieved user logoff notification on session 1. | 3 | 57 | 956 | 1504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:40:27 AM |
| Finished processing user logon notification on session 1. | 2 | 56 | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:18 AM |
| Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes. | 5 | 55 | 956 | 436 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM |
| Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular | 67 | 54 | 956 | 436 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM |
| Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500. | 5 | 53 | 956 | 436 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM |
| Recieved user logon notification on session 1. | 1 | 52 | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:18 AM |
| Disable background user hive upload task succeeded. | 59 | 51 | 956 | 1256 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM |
| Disable background user hive upload task succeeded. | 59 | 50 | 956 | 1256 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM |
| Finished processing user logoff notification on session 1. | 4 | 49 | 956 | 1996 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:26:19 AM |
| Recieved user logoff notification on session 1. | 3 | 48 | 956 | 1996 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:26:18 AM |
| Finished processing user logon notification on session 1. | 2 | 47 | 956 | 2780 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:04 AM |
| Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes. | 5 | 46 | 956 | 2768 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM |
| Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular | 67 | 45 | 956 | 2768 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM |
| Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500. | 5 | 44 | 956 | 2768 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM |
| Recieved user logon notification on session 1. | 1 | 43 | 956 | 2780 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:04 AM |
| Finished processing user logoff notification on session 1. | 4 | 42 | 1180 | 2444 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:22:48 AM |
| Recieved user logoff notification on session 1. | 3 | 41 | 1180 | 2444 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:22:48 AM |
| Finished processing user logon notification on session 1. | 2 | 40 | 1180 | 2504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM |
| Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes. | 5 | 39 | 1180 | 1420 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM |
| Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular | 67 | 38 | 1180 | 1420 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM |
| Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500. | 5 | 37 | 1180 | 1420 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM |
Recieved user logon notification on session 1.10400461168601842738790436Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11802504WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:54:49 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logoff notification on session 1.40400461168601842738790435Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922632WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:54:39 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logoff notification on session 1.30400461168601842738790434Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922632WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:54:39 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logon notification on session 1.20400461168601842738790433Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922632WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:50:55 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes.50400461168601842738790432Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922028WIN-5T344G8GM1HS-1-5-181/19/2018 8:50:55 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular670400461168601842738790431Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922028WIN-5T344G8GM1HS-1-5-181/19/2018 8:50:55 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500.50400461168601842738790430Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922028WIN-5T344G8GM1HS-1-5-181/19/2018 8:50:55 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logon notification on session 1.10400461168601842738790429Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922632WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:50:55 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logoff notification on session 1.40400461168601842738790428Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9641824WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:45:57 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logoff notification on session 1.30400461168601842738790427Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9641824WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:45:56 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logon notification on session 1.20400461168601842738790426Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9642404WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:24:01 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes.50400461168601842738790425Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9642612WIN-5T344G8GM1HS-1-5-181/19/2018 8:24:00 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular670400461168601842738790424Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9642612WIN-5T344G8GM1HS-1-5-181/19/2018 8:24:00 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500.50400461168601842738790423Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9642612WIN-5T344G8GM1HS-1-5-181/19/2018 8:24:00 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logon notification on session 1.10400461168601842738790422Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9642404WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:24:00 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logoff notification on session 1.40400461168601842738790421Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11763168WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:44:38 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logoff notification on session 1.30400461168601842738790420Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11763168WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:44:38 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logon notification on session 1.20400461168601842738790419Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11762580WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:07:02 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes.50400461168601842738790418Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11762640WIN-5T344G8GM1HS-1-5-181/16/2018 6:07:02 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular670400461168601842738790417Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11762640WIN-5T344G8GM1HS-1-5-181/16/2018 6:07:02 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500.50400461168601842738790416Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11762640WIN-5T344G8GM1HS-1-5-181/16/2018 6:07:02 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logon notification on session 1.10400461168601842738790415Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11762580WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:07:02 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logoff notification on session 1.40400461168601842738790414Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11525108WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:02:38 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logoff notification on session 1.30400461168601842738790413Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11525108WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:02:38 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logon notification on session 1.20400461168601842738790412Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11522600WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:43:06 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes.50400461168601842738790411Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11521364WIN-5T344G8GM1HS-1-5-181/16/2018 5:43:06 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular670400461168601842738790410Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11521364WIN-5T344G8GM1HS-1-5-181/16/2018 5:43:06 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500.5040046116860184273879049Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11521364WIN-5T344G8GM1HS-1-5-181/16/2018 5:43:06 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logon notification on session 1.1040046116860184273879048Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11522600WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:43:06 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logoff notification on session 1.4040046116860184273879047Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9241564WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:35:50 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logoff notification on session 1.3040046116860184273879046Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9241564WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:35:49 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logon notification on session 1.2040046116860184273879045Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9241948WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:02:11 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes.5040046116860184273879044Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9242872WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular67040046116860184273879043Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9242872WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:10 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500.5040046116860184273879042Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9242872WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:10 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logon notification on session 1.1040046116860184273879041Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9241948WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:02:10 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]