RawFile NETAPI32.dll RawFile MSVCRT.dll RawFile ntdll.dll RawFile cryptdll.dll RawFile RPCRT4.dll RawFile KERNEL32.dll RawFile Secur32.dll RawFile USER32.dll RawFile ADVAPI32.dll RawFile SAMSRV.dll RawFile MSASN1.dll RawFile SAMLIB.dll RawFile MPR.dll RawFile NTDSA.dll RawFile DNSAPI.dll RawFile NTDSETUP.dll RawFile CRYPT32.dll RawFile CRYPTUI.dll RawFile USERENV.dll RawFile certcli.dll %11% msaudite.dll False RawFile HAL.dll RawFile BOOTVID.dll RawFile KDCOM.dll %11% msobjs.dll False RawFile WS2_32.dll RawFile ole32.dll HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA CrashOnAuditFail 0 4 1 1 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA auditbaseobjects 0 4 1 1 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA fullprivilegeauditing 00 3 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security DisplayNameFile %SystemRoot%\system32\els.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security DisplayNameID 257 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security File %SystemRoot%\System32\config\SecEvent.Evt 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security MaxSize 5046272 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security PrimaryModule Security 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security Retention 0 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security Security 01001480A8000000B4000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200780005000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FF010F000102000000000005200000002002000000001800FF010F000102000000000005200000002502000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000 3 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security Sources 01001480A8000000B4000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200780005000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FF010F000102000000000005200000002002000000001800FF010F000102000000000005200000002502000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000Spooler Security Account Manager SC Manager NetDDE Object LSA DS Security 7 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS ParameterMessageFile %SystemRoot%\System32\MsObjs.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames Directory Service Object 7680 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA ParameterMessageFile %SystemRoot%\System32\MsObjs.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames PolicyObject 5632 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames SecretObject 5648 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames TrustedDomainObject 5664 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames UserAccountObject 5680 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object ParameterMessageFile %SystemRoot%\System32\MsObjs.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames DDE Share 7424 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager ParameterMessageFile %SystemRoot%\System32\MsObjs.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames SC_MANAGER Object 7168 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames SERVICE Object 7184 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security CategoryCount 9 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security EventMessageFile %SystemRoot%\System32\MsAuditE.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security GuidMessageFile %SystemRoot%\System32\NtMarta.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security ParameterMessageFile %SystemRoot%\System32\MsObjs.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security TypesSupported 28 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Channel 5120 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Desktop 6672 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Device 4352 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Directory 4368 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Event 4384 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames EventPair 4400 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames File 4416 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames IoCompletion 4864 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Job 5136 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Key 4432 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames MailSlot 4416 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Mutant 4448 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames NamedPipe 4416 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Port 4464 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Process 4480 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Profile 4496 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Section 4512 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Semaphore 4528 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames SymbolicLink 4544 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Thread 4560 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Timer 4576 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Token 4592 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Type 4608 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames WaitablePort 4464 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames WindowStation 6656 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager ParameterMessageFile %SystemRoot%\System32\MsObjs.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames SAM_ALIAS 5424 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames SAM_DOMAIN 5392 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames SAM_GROUP 5408 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames SAM_SERVER 5376 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames SAM_USER 5440 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler ParameterMessageFile %SystemRoot%\System32\MsObjs.dll 2 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames 1 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames Document 6944 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames Printer 6928 4 1 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames Server 6912 4 1 1 Auditing 1.0 Kernel Auditing 2000 Microsoft Corp. Microsoft Corp. robertre;kumarp;jhamblin;maxa robertre 8/23/2000 8/23/2000