iCat{2c9621d4-253b-4e60-adde-aef1d751c55c}1.0.0.3643648/23/2000iCat{2c9621d4-253b-4e60-adde-aef1d751c55c}1.0.0.3643648/23/2000 ]]>Auditing1.0Kernel Auditing2000 Microsoft Corp.Microsoft Corp.robertre;kumarp;jhamblin;maxarobertre8/23/20008/23/2000RawFileNETAPI32.dllRawFileMSVCRT.dllRawFilentdll.dllRawFilecryptdll.dllRawFileRPCRT4.dllRawFileKERNEL32.dllRawFileSecur32.dllRawFileUSER32.dllRawFileADVAPI32.dllRawFileSAMSRV.dllRawFileMSASN1.dllRawFileSAMLIB.dllRawFileMPR.dllRawFileNTDSA.dllRawFileDNSAPI.dllRawFileNTDSETUP.dllRawFileCRYPT32.dllRawFileCRYPTUI.dllRawFileUSERENV.dllRawFilecertcli.dll%11%msaudite.dll0RawFileHAL.dllRawFileBOOTVID.dllRawFileKDCOM.dll%11%msobjs.dll0RawFileWS2_32.dllRawFileole32.dllHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSACrashOnAuditFail0411HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSAauditbaseobjects0411HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSAfullprivilegeauditing00311HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\SecurityDisplayNameFile%SystemRoot%\system32\els.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\SecurityDisplayNameID257411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\SecurityFile%SystemRoot%\System32\config\SecEvent.Evt211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\SecurityMaxSize5046272411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\SecurityPrimaryModuleSecurity111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\SecurityRetention0411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\SecuritySecurity01001480A8000000B4000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200780005000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FF010F000102000000000005200000002002000000001800FF010F000102000000000005200000002502000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000311HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\SecuritySources01001480A8000000B4000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200780005000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FF010F000102000000000005200000002002000000001800FF010F000102000000000005200000002502000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000Spooler Security Account Manager SC Manager NetDDE Object LSA DS Security711HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DSParameterMessageFile%SystemRoot%\System32\MsObjs.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNamesDirectory Service Object7680411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSAParameterMessageFile%SystemRoot%\System32\MsObjs.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNamesPolicyObject5632411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNamesSecretObject5648411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNamesTrustedDomainObject5664411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNamesUserAccountObject5680411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE ObjectParameterMessageFile%SystemRoot%\System32\MsObjs.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNamesDDE Share7424411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC ManagerParameterMessageFile%SystemRoot%\System32\MsObjs.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNamesSC_MANAGER Object7168411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNamesSERVICE Object7184411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SecurityCategoryCount9411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SecurityCategoryMessageFile%SystemRoot%\System32\MsAuditE.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SecurityEventMessageFile%SystemRoot%\System32\MsAuditE.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SecurityGuidMessageFile%SystemRoot%\System32\NtMarta.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SecurityParameterMessageFile%SystemRoot%\System32\MsObjs.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SecurityTypesSupported28411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesChannel5120411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesDesktop6672411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesDevice4352411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesDirectory4368411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesEvent4384411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesEventPair4400411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesFile4416411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesIoCompletion4864411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesJob5136411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesKey4432411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesMailSlot4416411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesMutant4448411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesNamedPipe4416411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesPort4464411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesProcess4480411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesProfile4496411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesSection4512411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesSemaphore4528411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesSymbolicLink4544411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesThread4560411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesTimer4576411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesToken4592411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesType4608411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesWaitablePort4464411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNamesWindowStation6656411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account ManagerParameterMessageFile%SystemRoot%\System32\MsObjs.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNamesSAM_ALIAS5424411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNamesSAM_DOMAIN5392411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNamesSAM_GROUP5408411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNamesSAM_SERVER5376411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNamesSAM_USER5440411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SpoolerParameterMessageFile%SystemRoot%\System32\MsObjs.dll211HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames111HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNamesDocument6944411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNamesPrinter6928411HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNamesServer6912411