| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | LevelDisplayName | OpcodeDisplayName | TaskDisplayName |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Registry file C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1001_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 95 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2036 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 7:52:51 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\Admin Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 94 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2036 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 7:52:51 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Admin\ntuser.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1001. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 93 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2036 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 7:52:51 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1001_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 92 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 3020 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 7:52:37 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\Admin Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 91 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 3020 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 7:52:37 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Admin\ntuser.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1001. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 90 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 3020 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 7:52:37 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1001_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 89 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2020 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 7:52:23 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\Admin Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 88 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2020 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 7:52:23 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Admin\ntuser.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1001. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 87 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2020 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 7:52:23 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-2467717732-3871347856-978710570-500_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 86 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2124 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:48:39 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\administrator Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 85 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2124 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:48:37 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\administrator\ntuser.dat is loaded at HKU\S-1-5-21-2467717732-3871347856-978710570-500. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 84 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2124 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:48:37 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Disable background user hive upload task succeeded. | 59 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 83 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 1540 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:48:29 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Disable background user hive upload task succeeded. | 59 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 82 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 1540 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:48:20 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Disable background user hive upload task succeeded. | 59 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 81 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 1540 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:47:51 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Disable background user hive upload task succeeded. | 59 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 80 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 1540 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:47:50 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1001_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 79 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 3020 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:47:49 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\Admin Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 78 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 3020 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:47:49 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Admin\ntuser.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1001. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 77 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 3020 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:47:49 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\cloudbase-init\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1000_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 76 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2708 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:47:48 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\cloudbase-init Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 75 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2708 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:47:48 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\cloudbase-init\ntuser.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1000. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 74 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1512 | 2708 | n-h1-766043-1.cbci-766043-1.local | S-1-5-18 | 12/8/2020 5:47:48 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1001_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 73 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 560 | 2248 | n-h1-766043-1 | S-1-5-21-632974367-3926730353-3580324693-1000 | 12/8/2020 4:55:04 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\Admin Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 72 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 560 | 2248 | n-h1-766043-1 | S-1-5-21-632974367-3926730353-3580324693-1000 | 12/8/2020 4:55:03 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Admin\ntuser.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1001. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 71 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 560 | 2248 | n-h1-766043-1 | S-1-5-21-632974367-3926730353-3580324693-1000 | 12/8/2020 4:55:03 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Disable background user hive upload task succeeded. | 59 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 70 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 560 | 1640 | n-h1-766043-1 | S-1-5-18 | 12/8/2020 4:54:33 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\cloudbase-init\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1000_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 69 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 560 | 796 | n-h1-766043-1 | S-1-5-18 | 12/8/2020 4:54:28 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\cloudbase-init Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 68 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 560 | 796 | n-h1-766043-1 | S-1-5-18 | 12/8/2020 4:54:27 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\cloudbase-init\ntuser.dat is loaded at HKU\S-1-5-21-632974367-3926730353-3580324693-1000. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 67 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 560 | 796 | n-h1-766043-1 | S-1-5-18 | 12/8/2020 4:54:27 PM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Finished processing user logoff notification on session 1. | 4 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 66 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 976 | 672 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:48:12 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Recieved user logoff notification on session 1. | 3 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 65 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 976 | 672 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:48:12 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Finished processing user logon notification on session 1. | 2 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 64 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 976 | 2072 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:32 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Disable background user hive upload task succeeded. | 59 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 63 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 976 | 1228 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 62 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 976 | 2556 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 61 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 976 | 2556 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 60 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 976 | 2556 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Recieved user logon notification on session 1. | 1 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 59 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 976 | 2072 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:31 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Finished processing user logoff notification on session 1. | 4 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 58 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 1504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:40:27 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Recieved user logoff notification on session 1. | 3 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 57 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 1504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:40:27 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Finished processing user logon notification on session 1. | 2 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 56 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:18 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 55 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 436 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 54 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 436 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 53 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 436 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Recieved user logon notification on session 1. | 1 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 52 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:18 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Disable background user hive upload task succeeded. | 59 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 51 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 1256 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Disable background user hive upload task succeeded. | 59 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 50 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 1256 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Finished processing user logoff notification on session 1. | 4 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 49 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 1996 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:26:19 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Recieved user logoff notification on session 1. | 3 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 48 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 1996 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:26:18 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Finished processing user logon notification on session 1. | 2 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 47 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 2780 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:04 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 46 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 2768 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 45 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 2768 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 44 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 2768 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Recieved user logon notification on session 1. | 1 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 43 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 956 | 2780 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:04 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Finished processing user logoff notification on session 1. | 4 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 42 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1180 | 2444 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:22:48 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Recieved user logoff notification on session 1. | 3 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 41 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1180 | 2444 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:22:48 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Finished processing user logon notification on session 1. | 2 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 40 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1180 | 2504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 39 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1180 | 1420 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular | 67 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 38 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1180 | 1420 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
| Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500. | 5 | 0 |  | 4 | 0 | 0 | 4611686018427387904 | 37 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Microsoft-Windows-User Profile Service/Operational | 1180 | 1420 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM |  |  | microsoft-windows-user profile service/operational | Information | Info |  |
Recieved user logon notification on session 1.10400461168601842738790436Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11802504WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:54:49 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logoff notification on session 1.40400461168601842738790435Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922632WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:54:39 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logoff notification on session 1.30400461168601842738790434Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922632WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:54:39 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logon notification on session 1.20400461168601842738790433Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922632WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:50:55 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes.50400461168601842738790432Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922028WIN-5T344G8GM1HS-1-5-181/19/2018 8:50:55 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular670400461168601842738790431Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922028WIN-5T344G8GM1HS-1-5-181/19/2018 8:50:55 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500.50400461168601842738790430Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922028WIN-5T344G8GM1HS-1-5-181/19/2018 8:50:55 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logon notification on session 1.10400461168601842738790429Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11922632WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:50:55 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logoff notification on session 1.40400461168601842738790428Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9641824WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:45:57 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logoff notification on session 1.30400461168601842738790427Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9641824WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:45:56 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logon notification on session 1.20400461168601842738790426Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9642404WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:24:01 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes.50400461168601842738790425Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9642612WIN-5T344G8GM1HS-1-5-181/19/2018 8:24:00 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular670400461168601842738790424Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9642612WIN-5T344G8GM1HS-1-5-181/19/2018 8:24:00 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500.50400461168601842738790423Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9642612WIN-5T344G8GM1HS-1-5-181/19/2018 8:24:00 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logon notification on session 1.10400461168601842738790422Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9642404WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/19/2018 8:24:00 AMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logoff notification on session 1.40400461168601842738790421Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11763168WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:44:38 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logoff notification on session 1.30400461168601842738790420Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11763168WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:44:38 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logon notification on session 1.20400461168601842738790419Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11762580WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:07:02 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes.50400461168601842738790418Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11762640WIN-5T344G8GM1HS-1-5-181/16/2018 6:07:02 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular670400461168601842738790417Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11762640WIN-5T344G8GM1HS-1-5-181/16/2018 6:07:02 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500.50400461168601842738790416Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11762640WIN-5T344G8GM1HS-1-5-181/16/2018 6:07:02 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logon notification on session 1.10400461168601842738790415Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11762580WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:07:02 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logoff notification on session 1.40400461168601842738790414Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11525108WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:02:38 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logoff notification on session 1.30400461168601842738790413Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11525108WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 6:02:38 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logon notification on session 1.20400461168601842738790412Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11522600WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:43:06 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes.50400461168601842738790411Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11521364WIN-5T344G8GM1HS-1-5-181/16/2018 5:43:06 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular670400461168601842738790410Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11521364WIN-5T344G8GM1HS-1-5-181/16/2018 5:43:06 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500.5040046116860184273879049Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11521364WIN-5T344G8GM1HS-1-5-181/16/2018 5:43:06 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logon notification on session 1.1040046116860184273879048Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational11522600WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:43:06 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logoff notification on session 1.4040046116860184273879047Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9241564WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:35:50 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logoff notification on session 1.3040046116860184273879046Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9241564WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:35:49 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Finished processing user logon notification on session 1.2040046116860184273879045Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9241948WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:02:11 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\AppData\Local\Microsoft\Windows\\UsrClass.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500_Classes.5040046116860184273879044Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9242872WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Logon type: Regular Local profile location: C:\Users\Administrator Profile type: Regular67040046116860184273879043Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9242872WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:10 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Registry file C:\Users\Administrator\ntuser.dat is loaded at HKU\S-1-5-21-416071247-492812682-1642729393-500.5040046116860184273879042Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9242872WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:10 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Recieved user logon notification on session 1.1040046116860184273879041Microsoft-Windows-User Profiles Service89b1e9f0-5aff-44a6-9b44-0a07a7ce5845Microsoft-Windows-User Profile Service/Operational9241948WIN-5T344G8GM1HS-1-5-21-416071247-492812682-1642729393-5001/16/2018 5:02:10 PMmicrosoft-windows-user profile service/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]