ElfFile€џаElfChnk€А |№яZ)7 ЛЩ №  Ю=ŽЮƒїІ›f?јЭЉMFК7&**А ж;ЂФ&ж;ЂФPяDЬяt3LйKБAџџЅMК Event‡jМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџЮјoTSystemAџџYё{Provider6F=K•NameX)GuidAMzѕaEventID'›X)к Qualifiers "Ю Version їdЮLevelE{Task ?ЎOpcode$fjЯKeywordsAџџP‘;Ž TimeCreated'Кj<{ SystemTime .шF EventRecordID Aџџ…Ђђ Correlation\FF ё ActivityIDmz5ХRelatedActivityID AџџmЉИЕ ExecutionHFЮF з ProcessIDѓ…9ThreadID "ƒaChannelџџ6F‘;nComputer Laptop-SWAџџBƒ .SecurityІfLUserID $Эm5DUserData!  <HЄ! &r €œуMш‚ЮФЬ Microsoft-Windows-PrintService§і~t5хMЕBЩhsЁMicrosoft-Windows-PrintService/Admin saЕ3saЕ3ГХaМOЋƒ§ЌkЅБ Aџџ7="PackageRegenerationForDriverFailed4FŽNwxmlns:auto-ns3/http://schemas.microsoft.com/win/2004/08/eventsjOhttp://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/eventsџџ Щ SParam1 џџ № ѓSParam2 џџ  шSParam3 2Brother DCP-J140W PrinterWindows x642114 (0x842)emАme &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  < н!?)€?єGш‚ЮЙЙMicrosoft-Windows-Kernel-Power:;3 ТDЌ^w" 7жДSystem љœПТЁJ|ПЎO…ЇМrџџfD‚ EventDataAџџCŠoData+K•Name BugcheckCode AџџOŠoData7K•NameBugcheckParameter1 AџџOŠoData7K•NameBugcheckParameter2 AџџOŠoData7K•NameBugcheckParameter3 AџџOŠoData7K•NameBugcheckParameter4 AџџIŠoData1K•NameSleepInProgress  AџџSŠoData;K•NamePowerButtonTimestamp    ј‰ЧЂPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџg м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂНћЙЙ>F. T‚4qїрЎ\‡ŒЧ’^ЏAЃК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџ:ё{ProviderK•NamevolmgrA=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! ч!.Р€вEGш‚Ю,ГЙ Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinary0(\Device\HarddiskVolume2(.РРј‰ЧЂPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџg м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂНћГЙш №и ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  N!њ€юфЙ'p‚Ю@<ј&ŠмЖV‚ЮHЄˆЧMicrosoft-Windows-User Profiles Service№щБ‰џZІD›D ЇЮXEApplication “ъЙ/ќУ”*F‰уї™AџџD‚ EventData1K•NameEVENT_HIVE_LEAKAџџ7ŠoDataK•NameDetail D2 user registry handles leaked from \Registry\User\S-1-5-21-305639262-2269815344-1496069459-1000: Process 1096 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-305639262-2269815344-1496069459-1000 Process 1096 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-305639262-2269815344-1496069459-1000\Software\Microsoft\RAS AutoDial јˆЧЂPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџg м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂНћ“Йrzb n!№r]0„+–gr|БAЅК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџ<ё{Provider!K•NameRTL8167A=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! !€€ьEQ$p‚Ю8Й Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinaryb(\Device\NDMP6Realtek PCIe GBE Family Controller(0€ј„Ч PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџg м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂЛћЙЖОІ 7|Ђ&€7u{ЧaЩ7ПЋAŸК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџџoTSystemAџџ6ё{ProviderK•NameDiskA=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! c! Р€€А>p‚Ю4Й Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinary,Ј\Device\Harddisk1\DR1Ј€ Р-БЅ џџџџXџ <€Ъ€њџџ 7Л€њџџј„Ч PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџg м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂЛћЙЖОІ 7|Ђ&€7u{ЧaЩ7ПЋAŸК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџџoTSystemAџџ6ё{ProviderK•NameDiskA=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! c! Р€­•Ё p‚Ю<‹Й Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinary,Ј\Device\Harddisk1\DR1Ј€ Р-oЅ џџџџX<€Ъ€њџџ 7Л€њџџј„Ч PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџg м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂЛћ‹ЙЖОІ 7|Ђ&€7u{ЧaЩ7ПЋAŸК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџџoTSystemAџџ6ё{ProviderK•NameDiskA=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! c! Р€DS p‚Ю4ŠЙ Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinary,Ј\Device\Harddisk1\DR1Ј€ Р-NЅ џџџџX<€Ъ€њџџ 7Л€њџџј„Ч PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџg м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂЛћŠЙуыг ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  8 +!дл€ S/ p‚Ю4‰ЙMicrosoft-Windows-Kernel-PnP9Z œP}HЋзш1Ц)9System й[pГЃЬ`†шиџџЬD‚ EventDataAџџKŠoData3K•NameDriverNameLength Aџџ?ŠoData'K•Name DriverName Aџџ7ŠoDataK•NameStatus AџџMŠoData5K•NameFailureNameLength AџџAŠoData)K•Name FailureName Aџџ9ŠoData!K•NameVersion єzWpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP#5B7304B58140&0#eР\Driver\WUDFRdј„Ч PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџg м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂЛћ‰ЙЖОІ 7|Ђ&€7u{ЧaЩ7ПЋAŸК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџџoTSystemAџџ6ё{ProviderK•NameDiskA=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! c! Р€лz p‚Ю0‡Й Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinary,Ј\Device\Harddisk1\DR1Ј€ Р--Ѕ џџџџX<€Ъ€њџџ 7Л€њџџј„Ч PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџg м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂЛћ‡Й ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  8 [!і@ $:o‚Ю|L€ЙMicrosoft-Windows-DNS-Clientn•ъ~ЉIЃўЃxА=лMSystem •аˆйљ*~Ÿaћ№шNіџџъD‚ EventDataAџџ=ŠoData%K•Name QueryName AџџEŠoData-K•Name AddressLength Aџџ9ŠoData!K•NameAddress &client1.dropbox.com5[щэШјƒЧ PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџf м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂЙћ€ЙI § ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  8 U!і@ф]Н8o‚Ю|№ЙMicrosoft-Windows-DNS-Clientn•ъ~ЉIЃўЃxА=лMSystem •аˆйљ*~Ÿaћ№шNіџџъD‚ EventDataAџџ=ŠoData%K•Name QueryName AџџEŠoData-K•Name AddressLength Aџџ9ŠoData!K•NameAddress  psi3.secunia.com5[щэШјƒЧ PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџf м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂЙћЙemU ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  :Fq!Lъ@4tљ3o‚Ю˜ŒО Microsoft-Windows-Dhcp-ClientјЄЇrЋNЋ­љŠMfjэMicrosoft-Windows-Dhcp-Client/Admin Аž‹m”kdьJњг’Дza0џџ$D‚ EventDataAџџ;ŠoData#K•NameAddress1 Aџџ;ŠoData#K•NameHWLength Aџџ=ŠoData%K•Name HWAddress Aџџ;ŠoData#K•NameAddress2 [щэ№MЂГvU[щэЫјƒЧ PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџО ўџџџџџџџf м ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂГћyЙ$  S sv}ЌФЎХ<—:~kQ2СAЕК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџBё{Provider'K•Name SideBySideA=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ0ƒaChannel Applicationџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! Г!?С€€ˆ0H^‚ЮƒЧ Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinary$assemblyIdentitylanguage*c:\program files (x86)\mozbackup\dll\DelZip179.dllc:\program files (x86)\mozbackup\dll\DelZip179.dll8јƒЧšPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџН ўџџџџџџџf л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂГћkЙАИ  S sv}ЌФЎХ<—:~kQ2СAЕК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџBё{Provider'K•Name SideBySideA=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ0ƒaChannel Applicationџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! G!PС€ХfF^‚Ю‚Ч Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinaryИC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exeј‚ЧšPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџН ўџџџџџџџf л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂГћkЙPX@ S sv}ЌФЎХ<—:~kQ2СAЕК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџBё{Provider'K•Name SideBySideA=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ0ƒaChannel Applicationџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! ч!?С€ХfF^‚ЮЧ Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinaryXassemblyIdentitylanguage*c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dllc:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll8јЧšPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџН ўџџџџџџџf л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂГћkЙLT< цŸтyqN3~'fSеЖІ—A‹К EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџыoTSystemAџџё{ProviderїFK•NameService Control ManagerF)Guid&{555908d1-a6d7-4695-8e1e-26931d2012f4}`жEventSourceNameService Control ManagerA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityIDAџџUИЕ Execution8F з ProcessID…9ThreadID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  !XР€€(‘ W‚ЮlмOЙ ЅйЉcЂopѓ1GИHюcЩЂџџ–D‚ EventDataAџџ7ŠoDataK•Nameparam1 Aџџ7ŠoDataK•Nameparam2 8 NVIDIA Update Service Daemon%%1069јxЧ™PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџН ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂ­ћOЙ˜€ цŸтyqN3~'fSеЖІ—A‹К EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџыoTSystemAџџё{ProviderїFK•NameService Control ManagerF)Guid&{555908d1-a6d7-4695-8e1e-26931d2012f4}`жEventSourceNameService Control ManagerA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityIDAџџUИЕ Execution8F з ProcessID…9ThreadID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! Q!~Р€€(‘ W‚ЮlмNЙ ВЄС{vEъ`Qиi^ž_урџџдD‚ EventDataAџџ7ŠoDataK•Nameparam1 Aџџ7ŠoDataK•Nameparam2 Aџџ7ŠoDataK•Nameparam3   nvUpdatusService.\UpdatusUser%%1330јxЧ™PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџН ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂ­ћNЙ' ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  :F+!Kщ@ЦJW‚Ю˜Н Microsoft-Windows-Dhcp-ClientјЄЇrЋNЋ­љŠMfjэMicrosoft-Windows-Dhcp-Client/Admin чФ:lIjy“јЋSfђџџцD‚ EventDataAџџ;ŠoData#K•NameHWLength Aџџ=ŠoData%K•Name HWAddress Aџџ?ŠoData'K•Name StatusCode eЦzСyјvЧ™PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџН ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂ­ћGЙt‰‘y ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  2 з! @ыMVТV‚Ю8P<ЙMicrosoft-Windows-Wininitъmo ХгMМr˜ŸШИKSystem L5ъў№ћцg}хщП$вЇЌџџ D‚ EventDataAџџAŠoData)K•Name StringCount Aџџ7ŠoDataK•NameString јuЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂ­ћ<ЙLT< цŸтyqN3~'fSеЖІ—A‹К EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџыoTSystemAџџё{ProviderїFK•NameService Control ManagerF)Guid&{555908d1-a6d7-4695-8e1e-26931d2012f4}`жEventSourceNameService Control ManagerA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityIDAџџUИЕ Execution8F з ProcessID…9ThreadID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  !oР€€ЏaПV‚ЮlД*Й ЅйЉcЂopѓ1GИHюcЩЂџџ–D‚ EventDataAџџ7ŠoDataK•Nameparam1 Aџџ7ŠoDataK•Nameparam2 *PDF Architect Service%%-2147467259јnЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂŸћ*Й“›ƒ ж;ЂФPяDЬяt3LйKйAџџЭК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID 5DUserData!  <H|! &r €Ю6UПV‚ЮЌ˜ Microsoft-Windows-PrintService§і~t5хMЕBЩhsЁMicrosoft-Windows-PrintService/Admin saЕ3ГХaМOЋƒ§ЌkЅБёAџџх="PackageRegenerationForDriverFailed8FNwxmlns:auto-ns3/http://schemas.microsoft.com/win/2004/08/eventsМxmlnsOhttp://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/eventsџџSParam1 џџSParam2 џџSParam3 2Brother DCP-J140W PrinterWindows x642114 (0x842)ј nЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂŸћ(ЙSrzb n!№r]0„+–gr|БAЅК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџ<ё{Provider!K•NameRTL8167A=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! !€€>зИV‚ЮDщИ Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinaryb(\Device\NDMP6Realtek PCIe GBE Family Controller(0€јgЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂ‡ћщИ>F. T‚4qїрЎ\‡ŒЧ’^ЏAЃК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџ:ё{ProviderK•NamevolmgrA=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! ч!.Р€5тtЗV‚Ю4фИ Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinary0(\Device\HarddiskVolume2(.РРјgЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂ‡ћфИї ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  B E!Ё@žѕ?ЌV‚ЮŒ( жИMicrosoft-Windows-WLAN-AutoConfigн爕yXF˜pеО}RжоSystem въygІиЛ$ž<[7јJ.&џџD‚ EventDataјgЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂ‡ћжИzЋГ› ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  B щ!'@>”=ЌV‚ЮŒ( еИMicrosoft-Windows-WLAN-AutoConfigн爕yXF˜pеО}RжоSystem ,тш.Їphр§Z.М18€џџtD‚ EventDataAџџSŠoData;K•NameExtensibleModulePath FC:\Windows\System32\bcmihvsrv64.dllјgЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂ‡ћеИAи рШ ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  N!њ€M`ЌЋV‚ЮXјfЧMicrosoft-Windows-User Profiles Service№щБ‰џZІD›D ЇЮXEApplication “ъЙ/ќУ”*F‰уї™AџџD‚ EventData1K•NameEVENT_HIVE_LEAKAџџ7ŠoDataK•NameDetail D2 user registry handles leaked from \Registry\User\S-1-5-21-305639262-2269815344-1496069459-1000: Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-305639262-2269815344-1496069459-1000 Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-305639262-2269815344-1496069459-1000\Software\Microsoft\RAS AutoDial јfЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂ‡ћЌИrzb n!№r]0„+–gr|БAЅК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџ<ё{Provider!K•NameRTL8167A=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! !€€gЈV‚Ю4ЈИ Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinaryb(\Device\NDMP6Realtek PCIe GBE Family Controller(0€јbЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂ…ћЈИ  ї ж;ЂФPяDЬяt3LйKйAџџЭК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID 5DUserData!  <H№! t@€еT]кT‚ЮиФMicrosoft-Windows-PrintService§і~t5хMЕBЩhsЁMicrosoft-Windows-PrintService/Admin эцЙWbH:ђzU`D?ЯAџџУ~PrintOnProcFailedEd8FNwxmlns:auto-ns3/http://schemas.microsoft.com/win/2004/08/eventsМxmlnsOhttp://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/eventsџџSParam1 џџSParam2 џџSParam3 џџSParam4 џџSParam5 џџ SParam6 џџ SParam7 џџ SParam8 џџ SParam9 џџ,nParam10 џџ-nParam11   " DStrona testowaLaptopBrother DCP-J140WNT EMF 1.008327680010\\LAPTOP-SW3012Nie znaleziono |adnych drukarek. ј ^ЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂƒћ›И ѓ ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  8 K!і@О› T‚Ю|Є–ИMicrosoft-Windows-DNS-Clientn•ъ~ЉIЃўЃxА=лMSystem •аˆйљ*~Ÿaћ№шNіџџъD‚ EventDataAџџ=ŠoData%K•Name QueryName AџџEŠoData-K•Name AddressLength Aџџ9ŠoData!K•NameAddress www.gwar.pl5[щэШј^ЧPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe л ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAhЂƒћ–ИLT< цŸтyqN3~'fSеЖІ—A‹К EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџыoTSystemAџџё{ProviderїFK•NameService Control ManagerF)Guid&{555908d1-a6d7-4695-8e1e-26931d2012f4}`жEventSourceNameService Control ManagerA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityIDAџџUИЕ Execution8F з ProcessID…9ThreadID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  !XР€€tѓP‚Юt€И ЅйЉcЂopѓ1GИHюcЩЂџџ–D‚ EventDataAџџ7ŠoDataK•Nameparam1 Aџџ7ŠoDataK•Nameparam2 8 NVIDIA Update Service Daemon%%1069јCЧŒPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe Щ ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAh xћ€И˜€ цŸтyqN3~'fSеЖІ—A‹К EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџыoTSystemAџџё{ProviderїFK•NameService Control ManagerF)Guid&{555908d1-a6d7-4695-8e1e-26931d2012f4}`жEventSourceNameService Control ManagerA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityIDAџџUИЕ Execution8F з ProcessID…9ThreadID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! Q!~Р€€tѓP‚ЮtИ ВЄС{vEъ`Qиi^ž_урџџдD‚ EventDataAџџ7ŠoDataK•Nameparam1 Aџџ7ŠoDataK•Nameparam2 Aџџ7ŠoDataK•Nameparam3   nvUpdatusService.\UpdatusUser%%1330јCЧŒPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe Щ ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAh xћИ' ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  :F+!Kщ@zр—P‚ЮlМ Microsoft-Windows-Dhcp-ClientјЄЇrЋNЋ­љŠMfjэMicrosoft-Windows-Dhcp-Client/Admin чФ:lIjy“јЋSfђџџцD‚ EventDataAџџ;ŠoData#K•NameHWLength Aџџ=ŠoData%K•Name HWAddress Aџџ?ŠoData'K•Name StatusCode eЦzСyј@ЧŒPўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџМ ўџџџџџџџe Щ ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAh xћxИƒ‰‘y ѓ„pu†ЃаpІЮ?й4ЏЏКAЎК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџAё{Provider&FK•Name)GuidA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityID AџџUИЕ Execution8F з ProcessID…9ThreadID ƒaChannelџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  2 з! @жtбЪO‚Ю4L_ИMicrosoft-Windows-Wininitъmo ХгMМr˜ŸШИKSystem L5ъў№ћцg}хщП$вЇЌџџ D‚ EventDataAџџAŠoData)K•Name StringCount Aџџ7ŠoDataK•NameString ј>Ч‚PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџЛ ўџџџџџџџd Щ ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAh uћ_ИLT< цŸтyqN3~'fSеЖІ—A‹К EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџыoTSystemAџџё{ProviderїFK•NameService Control ManagerF)Guid&{555908d1-a6d7-4695-8e1e-26931d2012f4}`жEventSourceNameService Control ManagerA=ѕaEventID)к Qualifiers  Version dЮLevelE{TaskЎOpcodejЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID AџџmЂђ CorrelationLF ё ActivityID5ХRelatedActivityIDAџџUИЕ Execution8F з ProcessID…9ThreadID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID !  !oР€€ЮъШO‚ЮtшSИ ЅйЉcЂopѓ1GИHюcЩЂџџ–D‚ EventDataAџџ7ŠoDataK•Nameparam1 Aџџ7ŠoDataK•Nameparam2 *PDF Architect Service%%-2147467259ј9Ч‚PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџЛ ўџџџџџџџd Щ ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAh hћSИrzb n!№r]0„+–gr|БAЅК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџ<ё{Provider!K•NameRTL8167A=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! !€€KУO‚Ю0И Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoData!ИBinaryb(\Device\NDMP6Realtek PCIe GBE Family Controller(0€ј1Ч‚PўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџЛ ўџџџџџџџd Щ ўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџўџџџџџџџAh PћИ>F. T‚4qїрЎ\‡ŒЧ’^ЏAЃК EventМxmlns5http://schemas.microsoft.com/win/2004/08/events/eventџџoTSystemAџџ:ё{ProviderK•NamevolmgrA=ѕaEventID)к QualifiersdЮLevelE{TaskjЯKeywordsAџџ@;Ž TimeCreated<{ SystemTime &F EventRecordID џџ&ƒaChannelSystemџџ.;nComputer Laptop-SWAџџ2 .SecurityfLUserID ! ч!.Р€ЖœPСO‚Ю4 И Fгь%g>Ж9з{p(щ`џџTD‚ EventDataŠoD